
Releases

The DigiCert® Software Trust Manager release feature protects keys by confining their use to specific approved timeframes, sometimes referred to as "release windows." Within these defined timeframes, you control the keypairs, the users authorized to sign, and the maximum number of signatures allowed.

When you assign an offline key to a release, you can only sign with that key during the release window. In contrast, when you assign an online key to a release, you have more flexibility because online keys can be used to sign inside or outside of a release window.

When you sign with an online keypair that is associated with a release, all of the following conditions must apply for your signatures to be associated with the release:

  • Either the keypair associated with the release has "restricted" status and the user is mapped to the keypair, or the keypair associated with the release has "open" status.

  • User is listed as a participant of the release.

  • User has sign permission.

  • User uses the online keypair assigned to the release to sign within the release timeframe.

Note

A keypair can only be assigned to one release at a time.
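
The rules above can be read as a decision function. The following Python model is an added example, not DigiCert code or a Software Trust Manager API. The class, field and function names, the sample data, and the treatment of offline keypairs inside the window are assumptions; "not_associated" means only that a signature would not count toward the release.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass(frozen=True)
class Keypair:
    alias: str
    storage: str                        # "online" or "offline"
    access: str = "open"                # "open" or "restricted"
    mapped_users: frozenset = frozenset()

@dataclass(frozen=True)
class Release:
    name: str
    keypair_aliases: frozenset          # keypairs assigned to this release
    start: datetime
    end: datetime
    participants: frozenset

def unmet_conditions(user, can_sign, key, release, when):
    """Return the release-association conditions this attempt fails."""
    unmet = []
    if key.access == "restricted" and user not in key.mapped_users:
        unmet.append("user not mapped to restricted keypair")
    if user not in release.participants:
        unmet.append("user not a release participant")
    if not can_sign:
        unmet.append("user lacks sign permission")
    if key.alias not in release.keypair_aliases:
        unmet.append("keypair not assigned to this release")
    if not (release.start <= when <= release.end):
        unmet.append("outside release window")
    return unmet

def classify(user, can_sign, key, release, when):
    """Model outcome: 'in_release', 'not_associated' or 'blocked'."""
    unmet = unmet_conditions(user, can_sign, key, release, when)
    if key.storage == "offline" and "outside release window" in unmet:
        return "blocked"                # offline keys sign only inside the window
    # Assumption: inside the window, offline keys get the same checks as online.
    return "not_associated" if unmet else "in_release"

# Constructed sample data (not real users, keypairs or releases).
T0 = datetime(2024, 5, 1, 9, 0, tzinfo=timezone.utc)
IN_WINDOW, AFTER_WINDOW = T0 + timedelta(hours=1), T0 + timedelta(hours=9)
REL = Release("fw-2.4.1", frozenset({"fw-online", "fw-offline"}),
              T0, T0 + timedelta(hours=8), frozenset({"alice", "bob"}))
ONLINE = Keypair("fw-online", "online", "restricted", frozenset({"alice"}))
OFFLINE = Keypair("fw-offline", "offline")
```
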

Create a release

You require the Request release window permission to create a release.

To create a release:

  1. Sign in to DigiCert ONE.

  2. Select the Manager menu (top right) > Software Trust.

  3. Navigate to: Releases > Create release.

  4. Complete the following fields:

    | Field | Description |
    |---|---|
    | Release name | Name to uniquely identify this release. Note: Spaces are not allowed in release names. Only letters, numbers, and these characters are allowed: ., _, -. |
    | Version | Enter a version number for the release. This is an optional field. |
    | Team | Select a team responsible for this release. Note: This field will only be displayed if the Teams feature is enabled in Account settings. |
    | Release purpose | This option may be preselected based on your selection in Account settings. However, if you have checked all three of the following options in Account settings, you can select one of them when creating a release: Sign; Detect threats; Detect threats then sign. Note: This section is only visible if Threat detection is enabled in Account settings. |
    | Block signing if the CI/CD status for threat detection fails | Select this checkbox to block signing if the threat detection scan status fails. Note: This option is only editable if you have selected Specify when creating a release in Account settings. |
    | Project | If the purpose of the release includes Threat detection, you are required to associate the release with a Project. |
    | Release status | For offline releases, select Pending or Approved. |
    | Release window | Set the timeframe of the release by selecting one of the following options: the start date and time, as well as the duration of the release window; or the date and time range for the release window. |
    | Note | Insert a custom note that can give additional details about the release. This is an optional field. |

  5. Click Next.

  6. Select Add a keypair.

    Note

    If Teams are enabled in Account settings, you can assign multiple keypairs to the release. However, if teams are disabled, you can only assign one keypair to the release.

  7. Specify the following parameters to narrow down the keypairs displayed for selection on the next page.

    | Field | Description |
    |---|---|
    | Keypair type | Select GPG or standard. |
    | Keypair status | Select one of the following keypair types: Online (to use online keypairs that can be used at any time by users who have access); Offline (to use offline keypairs that can only be used during a release window); Test (to use test keypairs that can be used at any time by users who have access). |
    | Only show keypairs with default certificates (optional) | Select this checkbox to filter the keypair list and only select from keypairs that have default certificates. |

  8. Select one or more keypairs to use for this release.

  9. Click Add.

  10. Search for and select users or groups responsible for signing with this keypair during the release.

  11. Optional: In the Maximum signatures field, limit how many signatures can be completed during this release.

  12. Optional: In the Release baseline field, select a release baseline to compare your current release to.

    Note

    If a signature does not match the baseline, we will halt the release so that you can address the issue first.

  13. In the Resources for threat detection section, select the users, groups, or both responsible for threat detection.

    Note

    This section is only visible if Threat detection is enabled in Account settings.

  14. Click Create release.

Update a release

  1. Sign in to DigiCert ONE.

  2. Navigate to the Manager menu (top right) > Software Trust.

  3. Select Releases.

  4. Click on the release name that you want to update.

  5. Click on the edit icon.

  6. Update the necessary fields.

  7. Click Update.

What can be updated?

The following fields can be updated for an existing release:

| Release status | Release type | Fields that can be updated |
|---|---|---|
| Completed, Failed, or Rejected | All | Name, Version, Notes |
| In progress | Offline | Users with approval permission for this release can update all fields. Other users can only update the name, version, and notes. |
| In progress | Online | The creator of the release window can update all fields. Other users can only update the name, version, and notes. |
| Active, Pending, or Approved (releases that have not started) | All | All fields |

Offline approval procedure

When the Teams feature is enabled on your account and a user requests to create an offline release, the following approval procedure occurs:

  1. All users on the team with the permission to approve the action receive an email with the request.

  2. The approver must click View request in the email.

  3. Once the request is reviewed, the approver clicks Approve or Reject.

  4. Once the required number of approvals is received, the offline release will be created.

Note

If one user rejects the request, the entire request will be canceled and the user has to request the release again.