Forget manual, error-prone signing processes. Keyfactor Signum integrates with IT workflows and CI/CD tools to provide efficient signing without slowing down development.
Secure digital signing,
without the hassle.
Make signing effortless for developers and easy to manage for security.
Protect the integrity of code, containers, and software with secure code signing as a service. With Keyfactor Signum, sensitive keys are protected, policy is automated, and signing is integrated with your tools and build processes.
Sign with
Protect access to sensitive signature keys, without disrupting IT workflows and build processes.
Keyfactor Signum integrates with the signing tools your teams already use.


Protect sensitive keys
Generate and store sensitive private signing keys in a centralized, FIPS 140-2 certified hardware security module (HSM) in the cloud.


Enforce policy
Define granular access and usage policies for private signing keys, and authenticate users and build servers for signing with a full audit trail.

Make it invisible
Integrate with platform-native signing tools to protect access to private signing keys, without changing workflows.
Make signing simple.
One platform, any tool.


Integrate with signing tools via lightweight Windows and Linux agents that are quick to install on build servers or developer workstations.


Maintain centralized control while enabling decentralized code signing for remote application teams, wherever they are.


Mitigate attacks and prevent
unauthorized signing.
Code signing is a powerful tool — if it’s secure. Prevent unauthorized access and use of signing keys with authentication and policy workflows.


Prevent unauthorized signing by configuring user roles and permissions and authenticating developers and build servers before signing.


Automate policy enforcement by defining key usage permissions based on specific users, groups, devices, time and location, or signing tool.
Securely manage keys.
Simplify compliance.
Code signing keys are high-value targets. Keyfactor Signum ensures that private keys never leave the HSM and access is restricted.


Use the built-in FIPS 140-2 certified HSM to generate and store private keys, without having to install hardware on-premise.


Generate key attestation to comply with CA/B forum requirements to verify that keys are stored and generated in an HSM.


See who signed what,
where, and when.
No guesswork, no chasing down developers. Rest assured that only the right code is signed with the right key at the right time and place.


Centralize management of code signing certificates, policies, and permissions in a single dashboard.


Simplify audits with a complete event log of usage and access to code signing private keys.
Key features
HSM-backed keys
Generate and store private signing keys in a FIPS 140-2 certified HSM and ensure they never leave the HSM.
Policy enforcement
Set granular access controls for signing, such as authorized users, devices, signing tools, time windows, and more.
Native integration
Agents for Windows (KSP) and Linux (PKCS11) are compatible with platform-native tools to enable remote signing.
Event logs
Maintain an irrefutable log of all signing key access and usage activities to identify anomalies and simplify audits.
Authentication
Integrate with your identity provider (e.g., Azure AD, Okta) to enable SAML, OAuth, token-based, or basic authentication.
Remote key attestation
Easily comply with Code Signing Baseline Requirements (CSBR) requirements with one-click remote key attestation.
How it works
Keyfactor Signum eliminates the need to deploy and manage complex infrastructure on-premise, while integrating with native signing tools using lightweight agents.
Ready to get started?
Protect your code signing keys, prevent unauthorized signing, and enable developers to move fast.
Watch a 30-minute recorded demo or request a demo with an expert.