Submits a new signing request or resubmits an existing one via the SignPath REST API.
Syntax
Upload an input artifact
Use -InputArtifact
to directly upload the artifact from the specified local file.
Submit-SigningRequest
-InputArtifactPath <String>
(-ProjectSlug <String> -SigningPolicySlug <String> [-ArtifactConfigurationSlug <String>] )
| (-SigningPolicyId <String> [-ArtifactConfigurationId <String>] )
[-Origin <Hashtable>]
[-WaitForCompletion
-OutputArtifactPath <String>
[-Force]
[-WaitForCompletionTimeoutInSeconds <Int32>]
]
-OrganizationId <String> -ApiToken <String> [-ClientCertificate <X509Certificate2>]
[-ApiUrl <String>]
[-Description <String>]
[-Parameters <Hashtable>]
[-ServiceUnavailableTimeoutInSeconds <Int32>] [-UploadAndDownloadRequestTimeoutInSeconds <Int32>]
[-CancellationTimeoutInSeconds <Int32>]
Provide a URL to retrieve the artifact
Use -ArtifactRetrievalLink
to instruct SingPath to download the artifact from the specified URL.
Submit-SigningRequest
-ArtifactRetrievalLink <String>
-ArtifactRetrievalLinkFileName <String>
[-ArtifactRetrievalLinkSha256Hash <String>]
[-ArtifactRetrievalLinkHttpHeaders <Hashtable>]
(-ProjectSlug <String> -SigningPolicySlug <String> [-ArtifactConfigurationSlug <String>] )
| (-SigningPolicyId <String> [-ArtifactConfigurationId <String>] )
[-Origin <Hashtable>]
[-WaitForCompletion
-OutputArtifactPath <String>
[-Force]
[-WaitForCompletionTimeoutInSeconds <Int32>]
]
-OrganizationId <String> -ApiToken <String> [-ClientCertificate <X509Certificate2>]
[-ApiUrl <String>]
[-Description <String>]
[-Parameters <Hashtable>]
[-ServiceUnavailableTimeoutInSeconds <Int32>] [-UploadAndDownloadRequestTimeoutInSeconds <Int32>]
[-CancellationTimeoutInSeconds <Int32>]
Resubmit an existing singing request
Available for Advanced Code Signing, Open Source Code Signing.
Use -Resubmit
to create a new signing request based on an existing signing request, but typically using a different signing policy (read more.).
Submit-SigningRequest
-Resubmit
-OriginalSigningRequestId <String>
(-SigningPolicySlug <String>) | (-SigningPolicyId <String>)
[-WaitForCompletion
-OutputArtifactPath <String>
[-Force]
[-WaitForCompletionTimeoutInSeconds <Int32>]
]
-OrganizationId <String> -ApiToken <String> [-ClientCertificate <X509Certificate2>]
[-ApiUrl <String>]
[-Description <String>]
[-Parameters <Hashtable>]
[-ServiceUnavailableTimeoutInSeconds <Int32>] [-UploadAndDownloadRequestTimeoutInSeconds <Int32>]
[-CancellationTimeoutInSeconds <Int32>]
Description
The Submit-SigningRequest
cmdlet creates a new signing request. The signing request will be processed by SignPath according to authorization and policy rules.
Creating a new signing request vs. re-signing
When using the -InputArtifactPath
or -ArtifactRetrievalLink
parameter, the specified file will be used for processing.
When using the -Resubmit
parameter, the specified signing request will be processed again using the specified signing policy. This is especially useful for conditional signing of release candidates. See Resubmit an existing signing request for more information.
Downloading the signed artifact
Processing a signing request may take several minutes, or even longer if manual approval is required. You can either
- your own logic to wait for processing to complete and download the signed artifact using the Get-SignedArtifact cmdlet afterwards,
- or use the
-WaitForCompletion
parameter of this cmdlet to wait for processing and then download the signed artifact in a single call.
Parameters
Tip
Signing policies in the SignPath Web application show basic
Submit-SigningRequest
calls with essential parameters.
Parameters with -InputArtifactPath
or -ArtifactRetrievalLink
Parameter | Type | Description | Default value | Editions |
---|---|---|---|---|
-InputArtifactPath |
String |
Local path of the artifact you want to sign | ||
-ArtifactRetrievalLink |
String |
URL to download the artifact you want to sign | ||
-ArtifactRetrievalLinkFileName |
String |
File name of the artifact | ||
-ArtifactRetrievalLinkSha256Hash |
String |
Optional hexadecimal file hash of the artifact (is specified, must match retrieved artifact) | ||
-ArtifactRetrievalLinkHttpHeaders |
Hashtable |
Optional HTTP headers to use when downloading the artifact | ||
-ProjectSlug |
String |
Slug of the project | ||
-SigningPolicySlug |
String |
Slug of one of the project’s signing policies | ||
-ArtifactConfigurationSlug |
String |
Slug of one of the project’s artifact configurations | Project’s default artifact configuration | |
-SigningPolicyId |
String |
ID of a project’s signing policy | ||
-ArtifactConfigurationId |
String |
ID of one of the project’s artifact configurations | Project’s default artifact configuration | |
-Origin |
Hashtable |
Information about the origin of the artifact, see below |
Slugs or IDs
Use either slugs or IDs, don’t mix them.
Automated builds version control
Consider using these sources if you are using automated builds:
- Artifact configuration: version management. Create new versions of your artifact configuration for breaking changes and let your code determine the version to use. This ensures that signing will continue to work for older versions of your application while the artifact configuration evolves. If the script that invokes this cmdlet is under version control, it might be a better idea to have the artifact configuration slug hard coded in the script than to get it from a CI variable.
- Signing policy: CI parameter. If you take the signing policy from a Continuous Integration/Build Automation parameter, you can use the same script and cmdlet invocation for different build configurations, such as test and release.
Values for -Origin
parameter
Available for Advanced Code Signing, Code Signing Gateway. Required for Open Source Code Signing.
This parameter should only be used from a Trusted Build System.
Parameter | Description |
---|---|
RepositoryData.SourceControlManagementType |
Type of source control management (SCM) or version control system (VCS), e.g. git |
RepositoryData.Url |
URL of the source code repository, must match project settings for origin verification |
RepositoryData.BranchName |
Branch name for the build, must match signing policy settings for origin verification |
RepositoryData.CommitId |
Commit ID for the build |
BuildData.Url |
URL of the CI system |
BuildData.BuildSettingsFile |
File containing build configuration settings not accessible through SCM/VCS. Use @ prefix to reference a local file, e.g. @build/settings.json |
Parameters can either be passed as named above, or using nested hashtables (see example).
Parameters with -Resubmit
Parameter | Type | Description | Default value |
---|---|---|---|
-Resubmit |
Switch | Re-sign an existing signing request | false |
-OriginalSigningRequestId |
String |
ID of the signing request that should be resubmitted | |
-SigningPolicySlug |
String |
Slug of one of the original project’s signing policies | |
-SigningPolicyId |
String |
ID of one of the original project’s signing policies |
Note: Use either slugs or IDs, don’t mix.
Parameters with -WaitForCompletion
Parameter | Type | Description | Default value |
---|---|---|---|
-WaitForCompletion |
Switch | Wait for the signing request to complete | false |
-OutputArtifactPath |
String |
Specifies the target path for the downloaded signed artifact | InputArtifactPath with an added .signed extension |
-Force |
Switch | Allows the cmdlet to overwrite the file at OutputArtifactPath | false |
-WaitForCompletionTimeoutInSeconds |
Int32 |
Maximum time in seconds that the cmdlet will wait for the signing request to complete (upload and download have no specific timeouts) | 600 seconds |
Common parameters
Parameter | Type | Description | Default value | Editions |
---|---|---|---|---|
-OrganizationId |
String |
ID of your SignPath organization | ||
-ApiToken |
String |
API token of an interactive or CI user | ||
-ClientCertificate |
X509Certificate2 |
Client certificate used for a secure Web API request. Not supported by SignPath.io directly, use for proxies. | ||
-ApiUrl |
String |
URL to the SignPath REST API | https://app.signpath.io/api/ |
|
-Description |
String |
Optional description of the signing request | ||
-Parameters |
Hashtable |
Values for parameters defined in the artifact configuration | ||
-ServiceUnavailableTimeoutInSeconds |
Int32 |
Total time in seconds that the cmdlet will wait for a single service call to succeed (across several retries) | 600 seconds | |
-UploadAndDownloadRequestTimeoutInSeconds |
Int32 |
HTTP timeout used for upload and download HTTP requests | 300 seconds | |
-CancellationTimeoutInSeconds |
Int32 |
Timeout in seconds before the signing request gets cancelled (from submission; specify 0 for no timeout) |
if -WaitForCompletion is specified: -WaitForCompletionTimeoutInSeconds value; otherwise: none |
Examples
Example 1: Submit a signing request and wait for completion
Submit-SigningRequest `
-InputArtifactPath $PATH_TO_INPUT_ARTIFACT `
-ProjectSlug $PROJECT -SigningPolicySlug $SIGNING_POLICY -ArtifactConfigurationSlug $ARTIFACT_CONFIG `
-WaitForCompletion -OutputArtifactPath $PATH_TO_OUTPUT_ARTIFACT `
-OrganizationId $ORGANIZATION_ID -ApiToken $API_TOKEN
Example 2: Submit a signing request with an artifact retrieval link and wait for completion
Submit-SigningRequest `
-ArtifactRetrievalLink "https://files.acme.com/my+program.exe" `
-ArtifactRetrievalLinkFileName "my program.exe" `
-ArtifactRetrievalLinkSha256Hash (Get-FileHash "./my program.exe" -Algorithm SHA256).Hash `
-ArtifactRetrievalLinkHttpHeaders @{
"Authorization" = "$RETRIEVAL_AUTHORIZATION"
} `
-ProjectSlug $PROJECT -SigningPolicySlug $SIGNING_POLICY -ArtifactConfigurationSlug $ARTIFACT_CONFIG `
-WaitForCompletion -OutputArtifactPath $PATH_TO_OUTPUT_ARTIFACT `
-OrganizationId $ORGANIZATION_ID -ApiToken $API_TOKEN
Example 3: Separate calls for submission and retrieval
Submit a signing request and get a signing request ID without waiting for completion …
$signingRequestID = Submit-SigningRequest `
-InputArtifactPath $PATH_TO_INPUT_ARTIFACT `
-ProjectSlug $PROJECT -SigningPolicySlug $SIGNING_POLICY -ArtifactConfigurationSlug $ARTIFACT_CONFIG `
-OrganizationId $ORGANIZATION_ID -ApiToken $API_TOKEN
… and download the signed artifact later
Get-SignedArtifact `
-SigningRequestId $signingRequestID `
-OutputArtifactPath $PATH_TO_OUTPUT_ARTIFACT `
-OrganizationId $ORGANIZATION_ID -ApiToken $API_TOKEN
Example 4: Resubmit an existing signing request with a different signing policy
Submit-SigningRequestResubmit `
-Resubmit -OriginalSigningRequestId $ORIGINAL_SIGNING_REQUEST_ID `
-SigningPolicySlug $SIGNING_POLICY `
-WaitForCompletion `
-OutputArtifactPath $PATH_TO_OUTPUT_ARTIFACT `
-OrganizationId $ORGANIZATION_ID -ApiToken $API_TOKEN
Example 5: Provide user-defined parameters and origin verification
Available for Advanced Code Signing, Code Signing Gateway, Open Source Code Signing.
$signingRequestID = Submit-SigningRequest `
-InputArtifactPath $PATH_TO_INPUT_ARTIFACT `
-ProjectSlug $PROJECT -SigningPolicySlug $SIGNING_POLICY -ArtifactConfigurationSlug $ARTIFACT_CONFIG `
-Parameters @{
productVersion="1.2.0"
} `
-Origin @{
RepositoryData=@{
SourceControlManagementType="svn";
Url="https://github.com/org/project";
BranchName="release/v2.1";
CommitId="bf458b27080c81eb1e316c63867a87fdb3b47211"
};
BuildData=@{
Url="https://ci.appveyor.com/project/org/name/builds/buildid/job/jobid";
BuildSettingsFile="@settings.json"
}
} `
-OrganizationId $ORGANIZATION_ID -ApiToken $API_TOKEN