Hi,
The codesigning password is stored in any xxxx.mpr file unencrypted and this is getting into the source code repositoy. This is sub optimal. Is there a (simple) way to solve that security issue (miabuild parameter, compiler variable?
best regards
Wolfgang
Codesigning certifcate/password as a miabuild parameter or compilervarible
-
Wolfgang Guertl
- Posts: 19
- Joined: Wed Oct 15, 2014 7:14 am
-
BartWilson
- Posts: 40
- Joined: Mon Mar 01, 2021 9:01 am
Re: Codesigning certifcate/password as a miabuild parameter or compilervarible
I do this with InstallAware projects now as I noticed the same thing. Through Jenkins I grab the password from our Vault instance setting an environment variable (CERT_PASS) using the pipeline plugin withVault that is masked in our console logs. This is passed as a parameter to the miabuild.exe line as "CERT_PASS=%CERT_PASS%". In the password field in the project I put the "#CERT_PASS#" and that seemed to work for me.
-
Wolfgang Guertl
- Posts: 19
- Joined: Wed Oct 15, 2014 7:14 am
Re: Codesigning certifcate/password as a miabuild parameter or compilervarible
Yes this is working indeed, but die certificate password is dumped to the console/logfile.
Fix: miabuild ...... >nul
but all of the setup build process is suppressed. hard to find errors
Wolfgang
Fix: miabuild ...... >nul
but all of the setup build process is suppressed. hard to find errors
Wolfgang
-
BartWilson
- Posts: 40
- Joined: Mon Mar 01, 2021 9:01 am
Re: Codesigning certifcate/password as a miabuild parameter or compilervarible
I'm running my miabuild command line in a Jenkins pipeline pulling the cert password from a hashicorp vault using the "withVault" plugin, so Jenkins is masking the password for me. Not sure of other technologies and how they would possibly mask the password.
Who is online
Users browsing this forum: Majestic-12 [Bot] and 82 guests
