Sign a Java JAR file using Infisical-managed keys in about 10 minutes. You’ll issue a code signing certificate, create a signer, and sign your first artifact.

Prerequisites

  • Product Admin permissions (to create CAs, policies, and profiles)
  • Java JDK 9+ (for jarsigner)
  • A JAR file to sign

Steps

1. Issue a Code Signing Certificate

First, issue a certificate for code signing. Go to Certificate Manager → Settings → Certificate Policies and click Create.
Field        Value
Preset       Code Signing Certificate
Name         code-signing

Then create a profile and issue a certificate following the same flow as the Issue Certificate quick start, but using the code-signing policy.

Download the certificate — you’ll need it for the signer.
2. Create a Signer

Go to Code Signing → Signers and click Create.
Field        Value
Name         my-signer
Certificate  Select the code signing certificate you just issued
Learn more about Signers →
3. Install PKCS#11 Module

Install the PKCS#11 module for your platform. This enables standard signing tools to use Infisical signers.

Create a PKCS#11 config file (pkcs11.cfg):
name = Infisical
library = /path/to/infisical-pkcs11.so
4. Sign with jarsigner

Run jarsigner with the PKCS#11 provider:
jarsigner -keystore NONE -storetype PKCS11 \
  -providerClass sun.security.pkcs11.SunPKCS11 \
  -providerArg pkcs11.cfg \
  your-app.jar "my-signer"

Result

Your JAR file is now signed with your Infisical-managed key. Verify the signature:
jarsigner -verify -verbose your-app.jar
You should see "jar verified" with details about the signing certificate.
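
A stricter verification gate for CI, as an added example that is not part of the Infisical documentation: plain `jarsigner -verify` can print "jar verified." alongside warnings, so this wrapper adds the standard `-strict` and `-certs` options, rejects any unsigned content, and checks for the expected signer subject. The helper names, the script name `verify-jar.sh`, and the subject `CN=Example Code Signing` are assumptions, and the sample output is constructed.

```shell
#!/bin/sh
# Added example: CI gate around `jarsigner -verify`.
# check_verify_output and verify_jar are hypothetical helper names.

# Constructed, abbreviated sample of verbose output (not captured from a real run).
SAMPLE_OK='      X.509, CN=Example Code Signing, O=Example Org
jar verified.'

# Read jarsigner output on stdin; succeed only if the JAR verified,
# nothing is reported unsigned, and the expected subject is present.
check_verify_output() {
  cvo_expected=$1
  cvo_out=$(cat)
  # The success line must be present.
  printf '%s\n' "$cvo_out" | grep -q '^jar verified\.' || return 1
  # Neither "jar is unsigned." nor an unsigned-entries warning may appear.
  if printf '%s\n' "$cvo_out" | grep -qi 'unsigned'; then
    return 1
  fi
  # Pin the signer: the expected subject must appear in the -certs listing.
  printf '%s\n' "$cvo_out" | grep -qF -- "$cvo_expected" || return 1
  return 0
}

# Verify a JAR strictly, then apply the output checks above.
verify_jar() {
  vj_jar=$1
  vj_subject=$2
  # -strict: the exit code reflects severe warnings.
  # -certs (with -verbose): include signer certificate details in the output.
  if ! vj_out=$(jarsigner -verify -strict -verbose -certs "$vj_jar" 2>&1); then
    printf '%s\n' "$vj_out" >&2
    return 1
  fi
  printf '%s\n' "$vj_out" | check_verify_output "$vj_subject"
}

# Usage: ./verify-jar.sh your-app.jar "CN=<expected subject>"
if [ "$#" -eq 2 ]; then
  verify_jar "$1" "$2"
  exit $?
fi

# With no arguments, run the checks against the constructed sample only.
printf '%s\n' "$SAMPLE_OK" | check_verify_output 'CN=Example Code Signing' \
  && echo "sample output accepted"
```

Because the unsigned check is a plain text match, an entry whose file name contains "unsigned" will also fail the gate.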
