Code signing: Specify certificate password as an environment variable

[vyunikov]

signtool on Windows supports specifying password as an environment variable. For example, I can run the following command and it will successfully sign the executable:

signtool.exe sign /a /f "path\to\a\pfx\file" /p "%SOME_ENV_VAR_WITH_PWD%" "exe_name.exe"

But when Squirrel gets called with --signWithParams arg and the command line I specified above, it fails:

System.AggregateException: One or more errors occurred. ---> System.Exception: Failed to sign, command invoked was: '...\node_modules\electron-winstaller\vendor\signtool.exe sign /a /f "...\tmp_signing_cert.pfx" /p "%CERT_PASSWORD%" exe_name.exe'
   at Squirrel.Update.Program.<signPEFile>d__17.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Squirrel.Update.Program.<>c__DisplayClass10_0.<<Releasify>b__14>d.MoveNext()
-

As a note, I am not using Squirrel directly, I use electron-forge, but I tracked it down and looks like electron-forge passes the exact command line mentioned above.