
Credential setup for Windows

To effectively use DigiCert® KeyLocker client tools on your Windows system, you must configure your environment variables correctly.

Review the following prerequisites and recommended methods for credential setup.

Prerequisites

Before you begin, ensure you have the following:

Credential setup methods for Windows

There are four methods for storing your credentials. For enhanced security, you may want to follow these best practices when configuring your environment variables for SMCTL:

  • Windows Credential Manager (recommended)

    The most secure option is to store your API key and client authentication certificate password in Windows Credential Manager. It provides an added layer of protection against unauthorized access.

  • Properties file

    Alternatively, you can securely store your API key and client authentication certificate password in a properties file. This approach is also highly secure and recommended for safeguarding sensitive credentials.

  • Session-based environment variables

    For better security, set the host and client certificate file path as session-based variables. These variables are temporary and only available during your current session. This configuration reduces the risk of unauthorized access and limits exposure to your current session only.

  • Persistent environment variables

    Alternatively, you can set the host and client authentication certificate file path as persistent variables.

    Warning

    Storing sensitive credentials (API key, client authentication certificate password) as persistent environment variables poses a serious security risk. If you do this, anyone with system access could use your KeyLocker client tools. To protect your data and system integrity, we strongly recommend against this practice.

Credential sources prioritization

When using KeyLocker client tools, it's important to understand the order in which the tools prioritize different sources for credentials:

  1. Session-based environment variables

    The client tools check if session-based environment variables have been provided in the session.

  2. Persistent environment variables

    If session-based environment variables weren't provided, the client tools check if persistent environment variables have been set.

  3. Properties file

    If the API key and certificate password aren't in environment variables, then the client tools check the properties file, if one has been set up.

  4. Windows Credential Manager

    If the credentials aren't found in the previous two sources, the client tools check if credentials can be found in Windows Credential Manager.

Note

Location of log files: C:\Users\<Username>\.signingmanager\logs

You can review these log files to obtain insights into which credential source was used for each execution. You can then use this information to track and ensure that the correct credentials are being used for your operations.
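
As an added example (not DigiCert's own code), the following PowerShell audit reports, for each KeyLocker variable, whether it is set for the session or persistently, and flags secrets stored in persistent scopes, the practice the warning above advises against. The variable names SM_HOST, SM_CLIENT_CERT_FILE, SM_API_KEY and SM_CLIENT_CERT_PASSWORD are assumptions that do not appear on this page, and the function name is hypothetical.

```powershell
# Added example. Variable names are assumptions (not listed on this page);
# adjust them to the names your KeyLocker client tools actually read.
$Secret    = 'SM_API_KEY', 'SM_CLIENT_CERT_PASSWORD'   # should never be persistent
$NonSecret = 'SM_HOST', 'SM_CLIENT_CERT_FILE'          # acceptable as persistent

function Get-KeyLockerEnvAudit {   # hypothetical helper name
    foreach ($name in ($Secret + $NonSecret)) {
        $process = [Environment]::GetEnvironmentVariable($name, 'Process')
        $user    = [Environment]::GetEnvironmentVariable($name, 'User')
        $machine = [Environment]::GetEnvironmentVariable($name, 'Machine')

        $persistentScopes = @()
        if ($user)    { $persistentScopes += 'User' }
        if ($machine) { $persistentScopes += 'Machine' }

        # A process inherits persistent values when it starts, so a value is
        # treated as session-based only if it differs from both persistent scopes.
        $sessionOnly = $process -and ($process -ne $user) -and ($process -ne $machine)

        $source = if ($sessionOnly) {
            'session'
        } elseif ($persistentScopes) {
            'persistent'
        } else {
            'not set (properties file, then Credential Manager)'
        }

        $finding = if (($name -in $Secret) -and $persistentScopes) {
            'RISK: secret stored persistently'
        } else {
            'ok'
        }

        # Report presence and scope only; never print the secret value itself.
        [pscustomobject]@{
            Variable   = $name
            Source     = $source
            Persistent = $persistentScopes -join ','
            Finding    = $finding
        }
    }
}

Get-KeyLockerEnvAudit | Format-Table -AutoSize
```

Compare the reported source with the entries in the log files above to confirm that the tools used the credential source you intended.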