Azure Artifact Signing - Code Signing

Azure Artifact Signing enables secure signing of container images and software artifacts in the cloud.

Pricing Model: Pay-as-you-go
Availability: Global regions
Data Sovereignty: EU regions available
Reliability: 99.9% SLA

What is Azure Artifact Signing?

Azure Artifact Signing (also known as Azure Code Signing or Trusted Signing) is a managed service for signing software artifacts such as container images, binaries, and packages. The service uses Hardware Security Modules (HSMs) for secure key management and enables integration into CI/CD pipelines.

Signed artifacts can be verified by recipients to ensure integrity and provenance.

Core Features

  • Container image signing with Notation (CNCF standard)
  • HSM-protected key management without operating your own hardware
  • Integration with Azure Container Registry (ACR)
  • Support for various signature formats
  • Audit logging of all signing operations
  • RBAC-based access control for signing keys

Typical Use Cases

Container supply chain security: Sign container images before pushing to the registry. Kubernetes can be configured to only deploy signed images.

Software distribution: Sign installation packages and binaries so end users can verify the authenticity of the software.

Compliance requirements: Demonstrable code signing for regulated industries like financial services or healthcare.

Benefits

  • No need to manage your own HSMs
  • Seamless integration with Azure DevOps and GitHub Actions
  • Reduced complexity compared to self-hosted solutions
  • Centralized management of all signing keys

Frequently Asked Questions

Which artifact types are supported?

Azure Artifact Signing supports container images (OCI format), Windows binaries, NuGet packages, and other formats. The Notation integration enables signing container images according to the CNCF standard.

How are the signing keys protected?

All private keys are stored in FIPS 140-2 Level 2 certified Hardware Security Modules (HSMs). The keys never leave the HSM.

Can I use existing certificates?

For some scenarios, custom certificates can be imported. For container signing, Azure-managed certificates that are automatically renewed are recommended.

How do I verify signed artifacts?

Container images can be verified using the Notation CLI or integrated Kubernetes admission controllers. Public certificates are provided in Azure Key Vault or a trust store.

Integration with innFactory

As a Microsoft Solutions Partner, innFactory supports you with Azure Artifact Signing: implementation in CI/CD pipelines, Kubernetes integration, and supply chain security.

Microsoft Solutions Partner

innFactory is a Microsoft Solutions Partner. We provide expert consulting, implementation, and managed services for Azure.
