Setting up your HSM Client application

Your HSM client application requires setup in CodeSign Protect and in TLS Protect:

  • In CodeSign Protect, add the HSM connector. For more information, see Creating a HSM (Cryptoki) connector.
  • In TLS Protect, either add the API caller's CodeSign Protect identity to Venafi Code Signing Clients or add it to your own integration. For more information, see Setting up token authentication.

  • In your client application, call an Authorize endpoint with the codesignclient scope. For example:

    POST https://test.venafi.example/vedhsm/API/Sign/
    Authorization: Bearer 4MyGeneratedBearerTknz==

    {
       "client_id": "VenafiCodeSignClient",
       "username": "sample-cs-user",
       "password": "myPassw0rd@",
       "scope": "codesignclient"
    }

  • In the REST header of your API calls, pass the token. For example, Authorization: Bearer PKmv5x0FzxhVL/LBthxmxg==. For more information, see Passing a bearer token in your API calls.
  • There's additional help in the LibHSM documentation on your signing workstation:
    • Linux: file:///opt/venafi/codesign/html/index.html
    • macOS: file:///Library/Venafi/CodeSigning/html/index.html
    • Windows: file:///C:/Program Files/Venafi CodeSign Protect/SDK/html/index.html