Skip to main content
Sign a Java JAR file using Infisical-managed keys in about 10 minutes. You’ll issue a code signing certificate, create a signer, and sign your first artifact.

Prerequisites

  • Product Admin permissions (to create CAs, policies, and profiles)
  • Java JDK 9+ (for jarsigner)
  • A JAR file to sign

Steps

1

Issue a Code Signing Certificate

First, issue a certificate for code signing. Go to Certificate Manager → Certificate Policies and click Create.Then create a profile and issue a certificate following the same flow as the Issue Certificate quick start, but using the code-signing policy.Download the certificate. You’ll need it for the signer.
2

Create a Signer

Go to Code Signing → Signers and click Create.Learn more about Signers →
3

Install PKCS#11 Module

Install the PKCS#11 module for your platform. This enables standard signing tools to use Infisical signers.Create a PKCS#11 config file (pkcs11.cfg):
4

Sign with jarsigner

Run jarsigner with the PKCS#11 provider:

Result

Your JAR file is now signed with your Infisical-managed key. Verify the signature:
You should see jar verified with details about the signing certificate.

Next Steps