Skip to main content

Documentation Index

Fetch the complete documentation index at: https://infisical.com/docs/llms.txt

Use this file to discover all available pages before exploring further.

When a Signing Policy is attached to a signer, users and machine identities must request signing access before they can sign. This page explains how to request access and how approvers review those requests.
If a signer has no signing policy attached, signing is allowed immediately without a request/approval flow.

Requesting Signing Access

Go to Certificate Manager → Approval Requests and open the Signing Requests tab. Click Request Signing Access.
1

Selecting a signer and configuring parameters

Select the signer you want to use. The form will automatically load the constraints associated with that signer’s policy.Depending on the policy constraints, provide the required parameters:
  • Valid From / Valid Until: If the policy defines a max window duration, specify the time range for when you need signing access.
  • Allowed Sign Operations: If the policy defines a max signings count, specify how many signing operations you need.
  • Justification: Optionally provide a reason for the request (e.g., “Release v2.4.0 signing”).
2

Submitting the request

Press Submit to create the request. Eligible approvers will be notified.

Viewing Requests

Go to Certificate Manager → Approval Requests and open the Signing Requests tab to view all signing requests. You can filter requests by status:
  • Open: Requests currently pending approval
  • Approved: Requests that have been approved and grants issued
  • Rejected: Requests that were rejected by an approver
  • Cancelled: Requests cancelled by the requester
  • Expired: Requests that exceeded their maximum TTL

Approving a Request

1

Opening the request

Press on a pending request to view its details.
2

Reviewing the request details

Review the signing access request information including:
  • Requester name
  • Signer name and certificate
  • Grant parameters (valid from/until, allowed sign operations, etc.)
  • Justification
3

Approve or add comments

If you are an eligible approver for the current step, press Approve to approve the request.
Once all required approvals for all steps are obtained, a signing grant is automatically issued and the requester can begin signing.

Rejecting a Request

1

Opening the request

Press on a pending request to view its details.
2

Rejecting with reason

If you are an eligible approver for the current step, press Reject to reject the request. Optionally add a comment explaining the rejection.
When a request is rejected, no signing grant is issued.

What’s Next?

Manage Grants

View and revoke active signing grants.

PKCS#11 Module

Use your grant with standard signing tools.