Code Signing Question

Good Day All,

I believe this to be a proper location for this inquiry, but if I am off base please feel free to shame me.

Essentially I work for a SMB that provides financial software. We are looking to roll out a “backup program” written entirely in Powershell. Essentially the code is going to capture clients data out of a certain folder/location and transmit this data to AWS S3 buckets (The IAM rules are written to only allow object:put to buckets and the keys would be stored on the local machine, encrypted, and only to be ran under a specified user profile). All the Powershell code has been tested and works well, (We have written pester tests/tested with dummy data to ensure the code is working how we want.) The item I am thinking of now would be signing the code so it can be executed on over 30 client machines not within our domain or environment. My boss doesn’t want to perform this step, but I see no other way, especially since this code will be ran in a multiple and different environments (Some with AV/Domain/etc..). Additionally, I would prefer to have it signed, since this is transmitting critical data and I do not want the code tampered with.

Yes, I understand that this may not be the best idea, but I am working with what I have here which isn’t much, so please if you have suggestions I am all ears for what I can do better.

Thanks in advance and sorry if this post is a wall of text,


submitted by /u/CaffinatedSquirrel
[link] [comments]

Leave a Reply