Create GitHub Action to automatically sign scripts in the main branch #1
Assignees
Labels
enhancement
New feature or request
Comments
|
on hold pending future discussions with PKI admins. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Currently scripts are disabled on all systems, and for good reason. We do not want rogue scripts running on our systems. However, this means whenever we as admins want to run scripts on our or other user's systems, we need to either temporarily unrestrict this setting or open the script and copy paste into a terminal window.
By setting up an action to sign our scripts auto-magically, we can change the default execution policy to AllSigned and add our signing cert as a trusted publisher to all systems. This allows us to run scripts that we write (and push to this repository), while still preventing all other scripts from being run.
We'll need to work with the PKI Admins for the certificate side, but if we can push this through it would be a huge boon.
The text was updated successfully, but these errors were encountered: