Credential setup for Windows
To effectively use DigiCert® Software Trust Manager client tools on your Windows system, you must configure your environment variables correctly.
Review the following prerequisites and recommended methods for credential setup.
Prerequisites
Before you begin, ensure you have the following:
DigiCert ONE host
To learn more, see Host environment.
To learn more, see Create an API key.
DigiCert ONE Client authentication certificate path
DigiCert ONE Client authentication certificate password
Credential setup methods for Windows
There are four methods for storing your credentials. For enhanced security, you may want to follow these best practices when configuring your environment variables for SMCTL:
Windows Credential Manager (recommended)
The most secure option is to store your API key and client authentication certificate password in Windows Credential Manager. It provides an added layer of protection against unauthorized access.
Alternatively, you can securely store your API key and client authentication certificate password in a properties file. This approach is also highly secure and recommended for safeguarding sensitive credentials.
Session-based environment variables
For better security, set the host and client certificate file path as session-based variables. These variables are temporary and only available during your current session. This configuration reduces the risk of unauthorized access and limits exposure to your current session only.
Persistent environment variables
Alternatively, you can set the host and client authentication certificate file path as persistent variables.
Warning
Storing sensitive credentials (API key, client authentication certificate password) as persistent environment variables poses a serious security risk. If you do this, anyone with system access could use your Software Trust client tools. To protect your data and system integrity, we strongly recommend against this practice.
Credential sources prioritization
When using Software Trust client tools, it's important to understand the order in which the tools prioritize different sources for credentials:
Session-based
The client tools check if session-based environment variables have been provided in the session.
Persistent environment variables
If session-based environment variables weren't provided, the client tools check if persistent environment variables have been set.
Properties file
If the API key and certificate password aren't in environment variables, then the client tools check the properties file, if one has been set up.
Windows Credential Manager
If the credentials aren't found in the previous two sources, the client tools check if credentials can be found in Windows Credential Manager.
Note
Location of log files: C:\Users\<Username>\.signingmanager\logs
You can review these log files to obtain insights into which credential source was used for each execution. You can then use this information to track and ensure that the correct credentials are being used for your operations.
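The warning about persistent secrets and the priority order above can be checked together with a short audit. This is an added example, not DigiCert's code: it reports which scope each variable is stored in without printing any value. The `SM_*` variable names are an assumption (this page does not list them), and the host and certificate path at the end are placeholders.

```powershell
# Added example, not DigiCert's code. The SM_* names are assumed to be the
# variables the client tools read; this page does not list them.
$secretVars = 'SM_API_KEY', 'SM_CLIENT_CERT_PASSWORD'   # should not be persistent
$configVars = 'SM_HOST', 'SM_CLIENT_CERT_FILE'          # host and certificate path

function Get-SmVariableReport {
    param([string[]]$Names, [bool]$IsSecret)
    foreach ($name in $Names) {
        # A new process inherits User/Machine values at start-up, so the
        # persistent scopes are read separately from the process scope.
        $session = [Environment]::GetEnvironmentVariable($name, 'Process')
        $persistent = @()
        foreach ($scope in 'User', 'Machine') {
            if ([Environment]::GetEnvironmentVariable($name, $scope)) {
                $persistent += $scope
            }
        }
        $finding = 'ok'
        if ($IsSecret -and $persistent.Count -gt 0) {
            $finding = 'FAIL: secret stored persistently'
        } elseif ($IsSecret -and $session) {
            # Environment variables are checked before the properties file and
            # Credential Manager, so this value is the one the tools will use.
            $finding = 'INFO: secret set for this session only'
        }
        # Values are never written to the report, only where they are stored.
        [pscustomobject]@{
            Name             = $name
            InSession        = [bool]$session
            PersistentScopes = $persistent -join ','
            Finding          = $finding
        }
    }
}

$report = @(Get-SmVariableReport -Names $secretVars -IsSecret $true) +
          @(Get-SmVariableReport -Names $configVars -IsSecret $false)
$report | Format-Table -AutoSize
if ($report.Finding -like 'FAIL*') {
    Write-Warning 'Move these secrets to Windows Credential Manager or a properties file.'
}

# Remediation, left commented out: delete a persistently stored secret
# (the Machine scope needs an elevated prompt).
# [Environment]::SetEnvironmentVariable('SM_API_KEY', $null, 'User')

# Session-based host and certificate path; replace both placeholders before use.
$env:SM_HOST = '<DigiCert ONE host>'
$env:SM_CLIENT_CERT_FILE = 'C:\path\to\client-certificate.p12'
```

Run the audit in a fresh PowerShell window after any cleanup, because an already open session keeps the values it inherited when it started.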