Cloud HSM: A Secure Way to Sign Microsoft Windows Artifacts
Google Cloud's Cloud Key Management System (KMS) offers security features for creating, managing, and limiting access to cryptographic keys.
Cloud HSM, a cloud-hosted Hardware Security Module (HSM) service, lets you host encryption keys and perform cryptographic operations in a cluster of FIPS 140-2 Level 3 certified HSMs.
Additional HSM features, such as single-tenancy, are available through Google Cloud. With Bare Metal Rack HSM, customers can host their own HSMs in space provided by Google.
Google Cloud just released support for Cloud KMS signing. This feature lets you protect your keys with Cloud HSM and use SignTool to sign code on Microsoft assets.
Cloud HSM safeguards your signature keys with FIPS 140-2 Level 3 guarantees. Additionally, because you are charged only for the keys you use, it can lower your infrastructure and operating expenses.
Once you have installed your CNG provider, generated a key in Cloud HSM, and obtained your certificate, you can use SignTool to cryptographically sign your artifact.
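The steps above as a PowerShell sketch, added here as an example and not taken from the original page or from Google's documentation. The project, location, key ring, key, file paths and timestamp URL are placeholders, and the provider name passed to /csp and the key version number 1 are assumptions to confirm on your signing host.

```powershell
# Added example: all resource names, paths and the timestamp URL are placeholders.
$Project  = 'my-project'
$Location = 'us-central1'
$KeyRing  = 'codesign-ring'
$Key      = 'windows-codesign'
$Cert     = 'C:\signing\codesign.crt'   # certificate your CA issued for this key
$Artifact = 'C:\build\app.exe'

# Run a native command and stop the pipeline if it reports failure.
function Invoke-Checked {
    param([scriptblock]$Command, [string]$What)
    & $Command
    if ($LASTEXITCODE -ne 0) { throw "$What failed with exit code $LASTEXITCODE" }
}

# 1. Create the key ring and an HSM-protected asymmetric signing key.
Invoke-Checked {
    gcloud kms keyrings create $KeyRing --project $Project --location $Location
} 'key ring creation'
Invoke-Checked {
    gcloud kms keys create $Key --project $Project --location $Location `
        --keyring $KeyRing --purpose asymmetric-signing `
        --default-algorithm rsa-sign-pkcs1-4096-sha256 --protection-level hsm
} 'key creation'

# 2. Refuse to sign unless the key version is really HSM-backed
#    (guards against a software-protected key being substituted).
$level = gcloud kms keys versions describe 1 --project $Project `
    --location $Location --keyring $KeyRing --key $Key `
    --format 'value(protectionLevel)'
if ($level -ne 'HSM') { throw "Protection level is '$level', expected HSM" }

# 3. Sign through the CNG provider; the private key stays in Cloud HSM.
#    Assumption: the provider is registered as 'Google Cloud KMS Provider'.
$KeyVersion = "projects/$Project/locations/$Location/keyRings/$KeyRing" +
              "/cryptoKeys/$Key/cryptoKeyVersions/1"
Invoke-Checked {
    signtool sign /v /fd sha256 /tr 'http://timestamp.example.com' /td sha256 `
        /f $Cert /csp 'Google Cloud KMS Provider' /kc $KeyVersion $Artifact
} 'signing'

# 4. Verify the result before the artifact leaves the build host.
Invoke-Checked { signtool verify /pa /v $Artifact } 'signature verification'
$sig = Get-AuthenticodeSignature -FilePath $Artifact
if ($sig.Status -ne 'Valid') { throw "Authenticode status: $($sig.Status)" }
```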
In Cloud HSM, the servers housing the HSM hardware are protected against unauthorized operations, the signature keys are designated as non-extractable, and the hardware is not directly connected to any network.