Signing the MSI using Signtool and pfx

amit.m.srivastava's Avatar


10 Apr, 2020 01:17 PM


During the build process, we want to sign the generated MSI file using signtool with our password protected pfx file.

How can I achieve this without needing to copy the pfx file in github repository.


  1. Support Staff 1 Posted by Feodor Fitsner on 10 Apr, 2020 05:21 PM

    Feodor Fitsner's Avatar

    Hi Amit,

    One option is to try base64-encode .pfx and put it into secure environment variable, then decode during the build. Of course, you should be worried about the size of environment variable(s).

    Another option is to put encrypted .pfx into repository using secure file tool. Then both .pfx encryption password/salt and .pfx password itself are being put into secure variables.

    We've tried both ways to sign AppVeyor installers and they worked pretty well for us, though second way is more preferable.

  2. Feodor Fitsner closed this discussion on 10 Jun, 2020 09:02 PM.

Comments are currently closed for this discussion. You can start a new one.

Keyboard shortcuts


? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac