Skip to content

Implement new --certificate-output argument to save the certificate information#1035

Open
jozefizso wants to merge 2 commits into
dotnet:mainfrom
jozefizso:feature/certificate_output_option
Open

Implement new --certificate-output argument to save the certificate information#1035
jozefizso wants to merge 2 commits into
dotnet:mainfrom
jozefizso:feature/certificate_output_option

Conversation

@jozefizso

Copy link
Copy Markdown

The certificate information is useful when signing code with Azure Artifacts Signing
which rotates certificates each day. Scripts and automation can use correct certificate
used to sign content.

This helps with NuGet Gallery where we must manually upload certificates.

jozefizso added 2 commits July 5, 2026 15:48
… information

The certificate information is useful when signing code with Azure Artifacts Signing
which rotates certificates each day. Scripts and automation can use correct certificate
used to sign content.

This helps with NuGet Gallery where we must manually upload certificates.
@jozefizso
jozefizso marked this pull request as ready for review July 5, 2026 13:50
@jozefizso
jozefizso requested a review from a team as a code owner July 5, 2026 13:50
ArtifactSigningServiceProvider trustedSigningServiceProvider = new();

return codeCommand.HandleAsync(parseResult, serviceProviderFactory, trustedSigningServiceProvider, filesArgument);
return codeCommand.HandleAsync(parseResult, serviceProviderFactory, trustedSigningServiceProvider, filesArgument, cancellationToken);

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I personally think it would make more sense to make it a specific option for this command and execute it after this handle command?

@Jaxelr Jaxelr Jul 8, 2026

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

+1 to this for the ergonomy and usability. Its more straightforward to have a command to retrieve the pubkey, although to be fair there's a small tiny percentage of possibility that the certificate might've rotated when the get is executed after the sign, this way we guarantee we use the same certificate on the operation.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants