About Signotaur

Self-hosted code signing server.

Signotaur is a powerful self-hosted server designed to simplify and secure remote code signing. It serves as a centralized hub for managing signing certificates, integrating seamlessly with your continuous integration (CI) systems to streamline your development process. With Signotaur, sensitive private keys never leave the server. Enable secure remote code and document signing using USB tokens such as YubiKey and SafeNet, PFX files, or Windows certificate stores.

Signotaur Key Features:

  • BYOK (Bring Your Own Keys) - Use your own Organization Validation (OV) or Extended Validation (EV) certificates.
  • Uncompromising Security - Your private keys stay safely within your server, never leaving the hardware security module (HSM), token, or server itself.
  • Unlimited Signing - No signing limits, unlike cloud-based services that may impose restrictions.
  • Effortless CI Integration - Easily integrate with your CI/CD pipelines, automating your code signing process.

Code signing keys are prime targets for supply chain attacks, which is why Signotaur ensures your keys remain secure. With strict access control and administrator oversight, you maintain full control over who can access your certificates and perform signing operations.

Supported Certificate Sources:

  • Hardware Security Devices: YubiKey, SafeNet eToken, and other PKCS#11-compliant devices (HSMs).
  • File-Based Certificates: Including PFX files.
  • Windows Certificate Store: Easy integration with the Windows certificate store.

Easy Signing with Signotaur:

The Signotaur client offers an intuitive command-line interface, making it easy to integrate into your existing build scripts and CI/CD workflows. With API keys instead of password prompts, you’ll experience a simple, secure signing process.