What is the current best practice for code-signing in a continuous delivery scenario?
We are using TFS as build server and want to sign the builds automatically.
The new Code Signing certificates are only delivered on a Hardware Token. The Build Server is in the cloud, so we have no HW access.
How are you doing code signing with build servers in the cloud (e.g. Visual Studio Online)?
The simple answer is: use cloud-based build services like Azure DevOps (ex VSTS) but keep at least one build server on premises to do the signing using your hardware token.
Azure DevOps (ex Visual Studio Team Services) runs in Azure but you can register your own agents running on your premises. They simply require an outbound HTTPS connection, from the Agent to Azure DevOps (ex VSTS). The connection may even flow through a web proxy, making your network and security administrators happy. It is very easy and I have this working in quite a few places.
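
A sketch of the split described in the answer, added here as an example and not taken from the answer itself: the build runs on a hosted agent, and only the signing job is routed to the on-premises agent that has the token plugged in. The pool name, the `CodeSigningToken` capability, the `SigningCertThumbprint` variable, the solution name, the output path and the timestamp URL are all assumptions, as is `signtool` being on the agent's PATH with the token's certificate visible in the agent account's certificate store.

```yaml
# Added example. Pool, capability, variable and solution names are assumptions.
variables:
  TimestampUrl: 'http://timestamp.example.invalid'   # placeholder RFC 3161 server

jobs:
  - job: Build
    pool:
      vmImage: windows-latest          # hosted agent in the cloud, no token access
    steps:
      - task: VSBuild@1
        inputs:
          solution: MyApp.sln          # hypothetical solution
          configuration: Release
      - publish: $(Build.SourcesDirectory)/bin/Release   # assumed output folder
        artifact: unsigned

  - job: Sign
    dependsOn: Build
    pool:
      name: OnPremSigning              # hypothetical self-hosted pool
      demands:
        - CodeSigningToken             # hypothetical capability set only on the token machine
    steps:
      - checkout: none                 # signing agent needs the binaries, not the source
      - download: current
        artifact: unsigned
      - powershell: |
          $ErrorActionPreference = 'Stop'
          $root = Join-Path $env:PIPELINE_WORKSPACE 'unsigned'
          $files = Get-ChildItem -Path $root -Recurse -Include *.exe, *.dll
          if (-not $files) { throw 'No binaries found to sign' }
          foreach ($f in $files) {
            # /sha1 pins the exact certificate; /tr and /td add an RFC 3161 timestamp
            & signtool sign /sha1 $env:CERT_THUMBPRINT /fd SHA256 /tr $env:TIMESTAMP_URL /td SHA256 $f.FullName
            if ($LASTEXITCODE -ne 0) { throw ('Signing failed: ' + $f.Name) }
            # Fail the job if the signature does not validate
            & signtool verify /pa $f.FullName
            if ($LASTEXITCODE -ne 0) { throw ('Verification failed: ' + $f.Name) }
          }
        displayName: Sign and verify binaries
        env:
          CERT_THUMBPRINT: $(SigningCertThumbprint)   # hypothetical pipeline variable
          TIMESTAMP_URL: $(TimestampUrl)
      - publish: $(Pipeline.Workspace)/unsigned
        artifact: signed
```

Restricting the demand to a capability that exists only on the token machine keeps every other job off that agent, so the signing key is reachable from one narrowly scoped job.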