Prerequisites
- Product Admin permissions (to create CAs, policies, and profiles)
- Java JDK 9+ (for jarsigner)
- A JAR file to sign
Steps
1
Issue a Code Signing Certificate
First, issue a certificate for code signing. Go to Certificate Manager → Certificate Policies and click Create.
Then create a profile and issue a certificate following the same flow as the Issue Certificate quick start, but using the
code-signing policy.Download the certificate. You’ll need it for the signer.2
Create a Signer
3
Install PKCS#11 Module
Install the PKCS#11 module for your platform. This enables standard signing tools to use Infisical signers.Create a PKCS#11 config file (
pkcs11.cfg):4
Sign with jarsigner
Run jarsigner with the PKCS#11 provider:
Result
Your JAR file is now signed with your Infisical-managed key. Verify the signature:jar verified with details about the signing certificate.
Next Steps
- Add an approval policy for sign-off workflows
- Learn how signing access is requested and revoked
- See the full jarsigner guide for advanced options