ContextQMD
Back to Infisical

Signing Requests

docs/documentation/platform/pki/code-signing/signing-requests.mdx

0.160.13.2 KB
Original Source

When a Signing Policy is attached to a signer, users and machine identities must request signing access before they can sign. This page explains how to request access and how approvers review those requests.

<Info> If a signer has no signing policy attached, signing is allowed immediately without a request/approval flow. </Info>

Requesting Signing Access

Go to Certificate Manager → Approval Requests and open the Signing Requests tab. Click Request Signing Access.

<Steps> <Step title="Selecting a signer and configuring parameters"> Select the signer you want to use. The form will automatically load the constraints associated with that signer's policy. 
Depending on the policy constraints, provide the required parameters:

- **Valid From / Valid Until**: If the policy defines a max window duration, specify the time range for when you need signing access.
- **Allowed Sign Operations**: If the policy defines a max signings count, specify how many signing operations you need.
- **Justification**: Optionally provide a reason for the request (e.g., "Release v2.4.0 signing").
</Step> <Step title="Submitting the request"> Press **Submit** to create the request. Eligible approvers will be notified. </Step> </Steps>

Viewing Requests

Go to Certificate Manager → Approval Requests and open the Signing Requests tab to view all signing requests. You can filter requests by status:

  • Open: Requests currently pending approval
  • Approved: Requests that have been approved and grants issued
  • Rejected: Requests that were rejected by an approver
  • Cancelled: Requests cancelled by the requester
  • Expired: Requests that exceeded their maximum TTL

Approving a Request

<Steps> <Step title="Opening the request"> Press on a pending request to view its details. </Step> <Step title="Reviewing the request details"> Review the signing access request information including: - Requester name - Signer name and certificate - Grant parameters (valid from/until, allowed sign operations, etc.) - Justification </Step> <Step title="Approve or add comments"> If you are an eligible approver for the current step, press **Approve** to approve the request. </Step> </Steps>

Once all required approvals for all steps are obtained, a signing grant is automatically issued and the requester can begin signing.

Rejecting a Request

<Steps> <Step title="Opening the request"> Press on a pending request to view its details. </Step> <Step title="Rejecting with reason"> If you are an eligible approver for the current step, press **Reject** to reject the request. Optionally add a comment explaining the rejection. </Step> </Steps>

When a request is rejected, no signing grant is issued.

What's Next?

<CardGroup cols={2}> <Card title="Manage Grants" icon="key" href="/documentation/platform/pki/code-signing/grants"> View and revoke active signing grants. </Card> <Card title="PKCS#11 Module" icon="plug" href="/documentation/platform/pki/code-signing/pkcs11-module"> Use your grant with standard signing tools. </Card> </CardGroup>