Secure digital signing,
without the hassle.

Make signing effortless for developers and easy to manage for security.

Protect the integrity of code, containers, and software with secure code signing as a service. With Keyfactor Signum, sensitive keys are protected, policy is automated, and signing is integrated with your tools and build processes.

Sign with

  • SignTool
  • Jarsigner
  • Cosign
  • OpenSSL
  • Jenkins
  • Microsoft HLK

Protect access to sensitive signature keys, without disrupting IT workflows and build processes.
Keyfactor Signum integrates with the signing tools your teams already use.

Icon Icon

Protect sensitive keys

Generate and store sensitive private signing keys in a centralized, FIPS 140-2 certified hardware security module (HSM) in the cloud.

Icon Icon

Enforce policy

Define granular access and usage policies for private signing keys, and authenticate users and build servers for signing with a full audit trail.

Icon Icon

Make it invisible

Integrate with platform-native signing tools to protect access to private signing keys, without changing workflows.

Make signing simple.
One platform, any tool.

Forget manual, error-prone signing processes. Keyfactor Signum integrates with IT workflows and CI/CD tools to provide efficient signing without slowing down development.

Icon Icon

Integrate with signing tools via lightweight Windows and Linux agents that are quick to install on build servers or developer workstations.

Icon Icon

Maintain centralized control while enabling decentralized code signing for remote application teams, wherever they are.

Developers with different code signing tools
Users allowed or denied access to secure code signing keys

Mitigate attacks and prevent
unauthorized signing.

Code signing is a powerful tool — if it’s secure. Prevent unauthorized access and use of signing keys with authentication and policy workflows.

Icon Icon

Prevent unauthorized signing by configuring user roles and permissions and authenticating developers and build servers before signing.

Icon Icon

Automate policy enforcement by defining key usage permissions based on specific users, groups, devices, time and location, or signing tool.

Securely manage keys.
Simplify compliance.

Code signing keys are high-value targets. Keyfactor Signum ensures that private keys never leave the HSM and access is restricted.

Icon Icon

Use the built-in FIPS 140-2 certified HSM to generate and store private keys, without having to install hardware on-premise.

Icon Icon

Generate key attestation to comply with CA/B forum requirements to verify that keys are stored and generated in an HSM.

hardware security module with shield
Man standing in front of secure lock and audit log

See who signed what,
where, and when.

No guesswork, no chasing down developers. Rest assured that only the right code is signed with the right key at the right time and place.

Icon Icon

Centralize management of code signing certificates, policies, and permissions in a single dashboard.

Icon Icon

Simplify audits with a complete event log of usage and access to code signing private keys.

Key features

HSM-backed keys

Generate and store private signing keys in a FIPS 140-2 certified HSM and ensure they never leave the HSM.

Policy enforcement

Set granular access controls for signing, such as authorized users, devices, signing tools, time windows, and more.

Native integration

Agents for Windows (KSP) and Linux (PKCS11) are compatible with platform-native tools to enable remote signing.

Event logs

Maintain an irrefutable log of all signing key access and usage activities to identify anomalies and simplify audits.


Integrate with your identity provider (e.g., Azure AD, Okta) to enable SAML, OAuth, token-based, or basic authentication.

Remote key attestation

Easily comply with Code Signing Baseline Requirements (CSBR) requirements with one-click remote key attestation.

How it works

Keyfactor Signum eliminates the need to deploy and manage complex infrastructure on-premise, while integrating with native signing tools using lightweight agents.

Solution architecture of Keyfactor Signum secure code signing platform

Ready to get started?

Protect your code signing keys, prevent unauthorized signing, and enable developers to move fast.
Watch a 30-minute recorded demo or request a demo with an expert.