cloud-sql-proxy

Sign Windows binaries with a digital certificate

Open jackwotherspoon opened this issue 1 year ago • 1 comments

Supply chain security often requires binaries to be verified prior to use.

The current recommended way is to use the sha256 sums from the releases page to verify against the installed binary.

However, this may not be ideal for organizations looking to automate this process as the shasums will change release to release.

A separate solution for Windows would be to sign the binaries with a digital certificate that specifies the binary was signed and built by Google.

jackwotherspoon, Jul 23 '24 12:07

Possibly helpful: https://stackoverflow.com/questions/252226/signing-a-windows-exe-file.

enocom, Jul 23 '24 14:07

Starting from proxy version 2.17.1, the Windows Auth Proxy binaries are signed with Google certificates 🎉🎉

kgala2, Jul 24 '25 21:07

How do customers verify the binary's signature? We should add some guidance in the README. @kgala2

enocom, Jul 28 '25 15:07
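
One way to check the signature on Windows, as an added example that is not part of the thread or the project's documentation: it uses PowerShell's `Get-AuthenticodeSignature` and then pins the signer name. The file path and the expected signer name are assumptions supplied by the caller; take the real signer name from a copy you already trust.

```powershell
# Added example, not from the thread. Assumptions: the local file name and the
# expected signer name are placeholders supplied by the caller.
function Test-ProxySignature {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $ExpectedSigner
    )

    $sig = Get-AuthenticodeSignature -FilePath $Path -ErrorAction Stop

    # 'Valid' means the file hash matches the signed hash and the certificate
    # chain builds to a root this machine trusts. Anything else is a failure
    # (NotSigned, HashMismatch, NotTrusted, ...).
    if ($sig.Status -ne [System.Management.Automation.SignatureStatus]::Valid) {
        throw "Signature check failed for '$Path': $($sig.Status). $($sig.StatusMessage)"
    }

    # A valid signature from any trusted publisher passes the check above, so
    # also pin the signer: compare the certificate's simple name (normally the
    # subject CN) with the expected value, case-sensitively.
    $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    $signer = $sig.SignerCertificate.GetNameInfo($nameType, $false)
    if ($signer -cne $ExpectedSigner) {
        throw "Unexpected signer '$signer' for '$Path' (expected '$ExpectedSigner')"
    }

    [pscustomobject]@{
        Path        = (Resolve-Path -LiteralPath $Path).Path
        Signer      = $signer
        Thumbprint  = $sig.SignerCertificate.Thumbprint
        NotAfter    = $sig.SignerCertificate.NotAfter
        # Without a timestamp countersignature the signature stops validating
        # once the signing certificate expires.
        Timestamped = $null -ne $sig.TimeStamperCertificate
    }
}

# Usage (placeholder values):
# Test-ProxySignature -Path .\cloud-sql-proxy.exe -ExpectedSigner '<signer name from a trusted copy>'
```

Unlike the per-release SHA-256 sums, the expected signer name does not change with each release, so the same check can run unchanged in an automated install step.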