Today we are releasing Signing Manager 2.0.
We have been working on this for the last year and are excited to finally release for folks to use. It is our first release of software with Docker and we are grateful for the customers that helped with testing and support. We now support both docker compose and Kubernetes Helm Chart deployments. You just give a few commands and you have a signing service web app up and running.
We also wanted a way for folks to start using it right away so instead of a trial, we have a free tier. It has modest limits (one signing certificate, one mac client that does the signing), but for a lot of deployments, it will be enough.
HSM key storage was a technically interesting feature. Most folks will be migrating a key pair from a macOS keychain to the HSM, but we needed to wrap the raw private key so it could be ingested to the HSM. So we created a macOS app that allows you to select a key pair in your keychain and upload it to an HSM. We currently support Google’s HSM but have support for other HSM in the future.
The other really interesting part of this release is how you buy the software. Since there is a free tier, we really encourage people to start out there by deploying with their containerized microservices. Once it is up and running internally, you click a link in the web app to go to a page to purchase a subscription. After purchasing, you get sent a signed license file which you import to the web service. It is pretty slick and is a new way we are shipping software.
So if you have build servers or need a way to get back control of your Apple signing certificates, check it out and let me know what you think.