Create Flows

Flows in CodeSign Protect allow you to enforce actions that must take place when using signing keys or when deleting Projects or Environments. There are two types of Flows available:

Code Signing Flows

Code Signing Flows in Venafi CodeSign Protect define the approvals that must be granted before a signing operation can take place using a given private key. As such, Code Signing Flows play a critical role in ensuring that private code signing keys are used only in ways that the Code Signing Administrator authorizes.

At their most relaxed, Code Signing Flows can be configured to require no approvals at all. On the other hand, they can also be configured to require multiple levels of approvals. In most companies, a variety of Code Signing Flows are needed to account for the various levels of trust and security demanded by different projects or different phases of projects.

Once created, Code Signing Flows can optionally be assigned to Environment Templates. If assigned to an Environment Template, any Environment that uses that Environment Template is subject to the restrictions set in the Flow. Flows can also be selected directly in Environments themselves.

Currently, Venafi CodeSign Protect supports creating Code Signing Flow approvals based on a defined approver or approver group, or based on the Project Owner and Key Use Approver roles associated with the Code Signing Project.

Object Delete Flows

Object Delete Flows allow Code Signing Administrators to require approvals before any Project or Environment can be deleted. Deleting Projects and Environments should be closely monitored since such deletions also delete any associated private keys. Using an Object Delete Flow that requires one or more approvals helps ensure that only unneeded Projects and Environments get deleted.

An Object Delete Flow is set at the global project level, and as such, it applies to all Projects and Environments. The default Object Delete Flow requires no approvals for a Project or Environment to be deleted. Follow the steps in this section to create a Flow that includes approvals.