{"id":3603,"date":"2025-02-27T20:02:58","date_gmt":"2025-02-27T20:02:58","guid":{"rendered":"https:\/\/sectigostore.com\/blog\/?p=3603"},"modified":"2026-01-09T10:04:20","modified_gmt":"2026-01-09T10:04:20","slug":"google-cloud-kms-for-code-signing","status":"publish","type":"post","link":"https:\/\/sectigostore.com\/blog\/google-cloud-kms-for-code-signing\/","title":{"rendered":"How to Use Google Cloud KMS with Sectigo Code Signing Certificates (2026 Guide)"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\">This step-by-step guide walks through using the <a href=\"https:\/\/cloud.google.com\/kms\/docs\/key-management-service\">Google Key Management Service<\/a> (KMS) secure HSM for cloud <a href=\"https:\/\/sectigostore.com\/code-signing\">code signing<\/a> with a Sectigo Code Signing Certificate<\/h2>\n\n\n\n<p>Google Cloud KMS users can now enjoy the security and familiarity of managing their <a href=\"https:\/\/sectigostore.com\/code-signing\/sectigo-code-signing-certificate\">Sectigo Code Signing Certificate<\/a> keys.<\/p>\n\n\n\n<p>This article will walk you setting up and storing your secure code signing certificate and key pair using Google Cloud KMS\u2019s <a href=\"https:\/\/www.sectigo.com\/resource-library\/root-causes-121-what-is-a-hardware-security-module\">hardware security module<\/a> (HSM).<\/p>\n\n\n\n<div class=\"wp-block-button\"><a class=\"wp-block-button__link has-central-palette-2-background-color has-text-color has-background wp-element-button\" href=\"https:\/\/sectigostore.com\/code-signing\" style=\"border-radius:3px;color:#ffffff\">Shop Code Signing Certificates<\/a><\/div>\n\n\n\n<h2 class=\"wp-block-heading\">Table of Contents: Skimmers Can Jump Ahead<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"#get-started-google-kms\">How to Get Started: Buy a Code Signing Certificate<\/a><\/li>\n\n\n\n<li><a href=\"#create-key-ring\">Step #1: Create a Key Ring in Google Cloud KMS<\/a><\/li>\n\n\n\n<li><a href=\"#create-private-key-google-cloud-kms\">Step #2: Create a Public-Private Key Pair Using Google Cloud\u2019s HSM<\/a><\/li>\n\n\n\n<li><a href=\"#key-attestation\">Step #3: Download the Key\u2019s HSM Attestation Record<\/a><\/li>\n\n\n\n<li><a href=\"#generate-csr\">Step #4: Generate the Certificate Signing Request (CSR)<\/a><\/li>\n\n\n\n<li><a href=\"#submit-csr-key-attestation\">Step #5: Submit the CSR and Key Attestation Information<\/a><\/li>\n\n\n\n<li><a href=\"#start-signing\">Sign Your Code Using a Sectigo Code Signing Certificate + SignTool<\/a><\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"get-started-google-kms\">How to Get Started: Buy a Sectigo Code Signing Certificate<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Google KMS + Sectigo Code Signing = Secure Key Storage for Cloud Signing<\/h3>\n\n\n\n<p>Before you can set up your Google Key Management Service (KMS) or start signing code, you first must purchase a code signing certificate. To fight the misuse of compromised signing keys, all new code signing certificates and keys must be generated and stored on FIPS-compliant hardware. <\/p>\n\n\n\n<p>Sectigo supports the following secure devices:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>YubiKey 5 FIPS Series (USB token)<\/li>\n\n\n\n<li>Luna Network Attached HSM v7.X (physical hardware)<\/li>\n\n\n\n<li>Google Cloud KMS (cloud HSM)<\/li>\n<\/ul>\n\n\n\n<div class=\"wp-block-button\"><a class=\"wp-block-button__link has-central-palette-2-background-color has-text-color has-background wp-element-button\" href=\"https:\/\/sectigostore.com\/code-signing\/sectigo-code-signing-certificate\" style=\"border-radius:3px;color:#ffffff\">Get a Sectigo Code Signing Certificate<\/a><\/div>\n\n\n\n<p>If you want to use Google KMS for your cloud signing projects, choose <strong>Install on Existing HSM<\/strong> as your Certificate Delivery Method when purchasing a Sectigo Code Signing Certificate from SectigoStore.com.<\/p>\n\n\n\n<div class=\"wp-block-group\"><div class=\"wp-block-group__inner-container is-layout-constrained wp-block-group-is-layout-constrained\">\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"893\" height=\"769\" src=\"https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2025\/02\/google-cloud-kms-installation-option.png\" alt=\"A screenshot showing where to select an existing HSM when purchasing a code signing certificate from SectigoStore.com\" class=\"wp-image-3607\" srcset=\"https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2025\/02\/google-cloud-kms-installation-option.png 893w, https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2025\/02\/google-cloud-kms-installation-option-300x258.png 300w, https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2025\/02\/google-cloud-kms-installation-option-560x482.png 560w\" sizes=\"auto, (max-width: 893px) 100vw, 893px\" \/><figcaption class=\"wp-element-caption\"><em>Image caption: A screenshot that shows where you can select an Existing HSM as your Certificate Delivery Method when purchasing a new code signing certificate from SectigoStore.com.<\/em><\/figcaption><\/figure>\n<\/div><\/div>\n\n\n\n<p>Once your order is complete, you\u2019ll be taken to your account\u2019s My Orders page. Here, you\u2019ll see a link (shown below) that will take you to start the Certificate Generation process that we\u2019ll cover in <a href=\"#submit-csr-key-attestation\">Step #5<\/a>.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"986\" height=\"745\" src=\"https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2025\/02\/sectigostore-orders-certgeneration-shadow.jpg\" alt=\"A screenshot from the My Orders tab on SectigoStore.com that shows where to find the Certificate Generation link\" class=\"wp-image-3615\" srcset=\"https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2025\/02\/sectigostore-orders-certgeneration-shadow.jpg 986w, https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2025\/02\/sectigostore-orders-certgeneration-shadow-300x227.jpg 300w, https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2025\/02\/sectigostore-orders-certgeneration-shadow-560x423.jpg 560w, https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2025\/02\/sectigostore-orders-certgeneration-shadow-940x710.jpg 940w\" sizes=\"auto, (max-width: 986px) 100vw, 986px\" \/><figcaption class=\"wp-element-caption\"><em>Image caption: A screenshot that show<\/em>s<em> where to find the link to start the certificate generation process.<\/em><\/figcaption><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"create-key-ring\">Step #1: Create a Key Ring in Google Cloud KMS<\/h2>\n\n\n\n<p>If you wish to use an existing Google Cloud KMS key ring, jump to <a href=\"#create-private-key-google-cloud-kms\">Step #2<\/a> to generate your key. Otherwise, if you need to set up a new key ring, you can do so using Google Cloud KMS\u2019s <a href=\"https:\/\/cloud.google.com\/kms\/docs\/create-key-ring\">guide to creating a key ring<\/a>.<\/p>\n\n\n\n<p><strong>NOTE: <\/strong>Be sure to grab your <a href=\"https:\/\/console.cloud.google.com\/security\/kms\/keyrings\">Google Cloud KMS <em>key_ring<\/em> value<\/a>, as you\u2019ll need this in <a href=\"#generate-csr\">Step #4<\/a>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"create-private-key-google-cloud-kms\">Step #2: Create a Public-Private Key Pair Using Google Cloud\u2019s HSM<\/h2>\n\n\n\n<p>Now that the key ring is good to go, it\u2019s time to generate a new key. In Google Cloud, make the following selections:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Select <strong>HSM protection<\/strong><\/li>\n\n\n\n<li>Next, choose <strong>HSM-generated<\/strong> under the Key Material field.<\/li>\n\n\n\n<li>Click <strong>Asymmetric signing<\/strong> as the Purpose and Algorithm selections and specify <strong>3072-bit RSA \u2013 PKCS #1 v 1.5 padding \u2013 SHA256 Digest<\/strong> (recommended)<\/li>\n<\/ul>\n\n\n\n<p>Once finished, you\u2019ll see a key listing like this (3072-bit RSA key, PKCS #1 v 1.5 padding \u2013 SHA256 Digest [recommended]) in your key ring:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"520\" src=\"https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2025\/02\/google-cloud-kms-key-info-sm-1024x520.jpg\" alt=\"A screenshot of a code signing certificate test key in Google Cloud KMS that was generated using a secure cloud HSM\" class=\"wp-image-3606\" srcset=\"https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2025\/02\/google-cloud-kms-key-info-sm-1024x520.jpg 1024w, https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2025\/02\/google-cloud-kms-key-info-sm-300x152.jpg 300w, https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2025\/02\/google-cloud-kms-key-info-sm-560x284.jpg 560w, https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2025\/02\/google-cloud-kms-key-info-sm-1536x780.jpg 1536w, https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2025\/02\/google-cloud-kms-key-info-sm-940x477.jpg 940w, https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2025\/02\/google-cloud-kms-key-info-sm.jpg 1600w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>Image caption: A screenshot of a code signing test key in Google Cloud KMS that was created using a test account.<\/em><\/figcaption><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"key-attestation\">Step #3: Download the Key\u2019s HSM Attestation Record<\/h2>\n\n\n\n<p>The next step is to show that your key has been generated using a secure device by downloading the key attestation bundle. (You\u2019ll need this shortly, so go ahead and grab it now.)<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Select the three vertical dots under the \u201cActions\u201d column shown in the screenshot above.<\/li>\n\n\n\n<li>Click <strong>Verify Attestation <\/strong>in the drop-down menu.<\/li>\n\n\n\n<li>Choose the <strong>Download Attestation Bundle<\/strong> option (this is a .zip file).<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"generate-csr\">Step #4: Generate the Certificate Signing Request (CSR)<\/h2>\n\n\n\n<p>Use your preferred method of CSR generation. In this case, we\u2019ll walk you through how to generate a CSR using the key you just created in OpenSSL on Linux (Ubuntu). This process involves:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Downloading and installing OpenSSL and the libengine-pkcs11-openssl package<\/li>\n\n\n\n<li>Extracting the <a href=\"https:\/\/github.com\/GoogleCloudPlatform\/kms-integrations\/releases?q=pkcs%2311&amp;expanded=true\">Google PKCS #11 library<\/a> and configuring OpenSSL to use it<\/li>\n\n\n\n<li>Setting up a YAML configuration file for the <a href=\"https:\/\/cloud.google.com\/kms\/docs\/reference\/pkcs11-openssl#pkcs_11_library_configuration\">KMS_PKCS11_CONFIG<\/a> environmental variable to point to. (<strong>NOTE:<\/strong> This is where you\u2019ll need the <em>key_ring<\/em> value you collected earlier in <a href=\"#create-key-ring\">Step #1<\/a>.)<\/li>\n\n\n\n<li>Setting up your authentication method via <a href=\"https:\/\/cloud.google.com\/iam\/docs\/workload-identity-federation\">Workload Identity Federation<\/a> or create a Service Account in Google Cloud. You can do this by selecting a project under <strong>IAM-Admin<\/strong> &gt; <strong>Service Accounts<\/strong>. This will require granting <a href=\"https:\/\/github.com\/GoogleCloudPlatform\/kms-integrations\/blob\/master\/kmsp11\/docs\/user_guide.md#authentication-and-authorization\">specific permissions to the Cloud KMS\u2019s Admin and Crypto Operator roles<\/a> and creating a new JSON key that will need to be saved to the server or computer used to generate the CSR.<\/li>\n\n\n\n<li>Setting the environmental variable so it points to the key file.<\/li>\n\n\n\n<li>Generating the CSR using a customized version of the following variable: <em>openssl req -new -subj &#8216;\/CN=Your Company Name, LLC\/&#8217; -sha256 -engine pkcs11 -keyform engine -key pkcs11:object=your_key_name &gt; code_signing_request.csr<\/em>.<ul><li>Replace the value <em>your_key_name<\/em> with the key file name (e.g., \u201ccodesigningkey\u201d rather than the resource URL, as there\u2019s a <a href=\"https:\/\/github.com\/OpenSC\/libp11\/issues\/531\">100-character limit that\u2019s notorious for errors<\/a>)<\/li><\/ul>\n<ul class=\"wp-block-list\">\n<li>Double check your digest algorithm matches the one you selected in <a href=\"#create-private-key-google-cloud-kms\">Step #2<\/a> when generating the key.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<p class=\"has-background\" style=\"background-color:#d9d9d6\">Check out the <strong>Create the CSR<\/strong> section in our technical guide on how to\u00a0<a href=\"https:\/\/certificategeneration.com\/en\/content\/pdf\/google-kms-code-signing.pdf\">generate the CSR and download the key attestation in Google Cloud<\/a> for more specific information.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"submit-csr-key-attestation\">Step #5: Submit the CSR and Key Attestation Information<\/h2>\n\n\n\n<p>To complete the certificate enrollment (<a href=\"https:\/\/help.sectigostore.com\/support\/solutions\/folders\/22000168634\">CSR generation<\/a>) process, you\u2019ll need to submit your CSR and key Attestation file(s) to Sectigo. <strong>Reminder:<\/strong> This is the .zip file you downloaded earlier in <a href=\"#key-attestation\">Step #3<\/a>.<\/p>\n\n\n\n<p>To submit your CSR and complete the certificate enrollment process, log into your account on SectigoStore.com and access My Orders. Here, you can choose the option to generate a certificate. This will take you to CertificateGeneration.com page. Here, you must:<\/p>\n\n\n\n<ol start=\"1\" class=\"wp-block-list\">\n<li>Provide your name and organizational details<\/li>\n\n\n\n<li>Enter the organizational contact\u2019s information<\/li>\n\n\n\n<li>Add an email address (optional), if you want to receive a verification email<\/li>\n\n\n\n<li>Select your preferred certificate collection method (I\u2019ll address the specifics of this step in the bulleted list below)<\/li>\n\n\n\n<li>Agree to the Certificate Services Agreement<\/li>\n<\/ol>\n\n\n\n<p>The additional steps indicated in #4 above are as follows:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Click <strong>Yes<\/strong>\u00a0in response to the question about whether the private key was generated using one of the listed secure hardware options<\/li>\n\n\n\n<li>Choose\u00a0<strong>Google Cloud KMS (Cloud HSM)<\/strong>\u00a0as your existing HSM type<\/li>\n\n\n\n<li>Copy and paste your CSR details that you generated in <a href=\"#generate-csr\">Step #4<\/a><\/li>\n\n\n\n<li>Upload your Key Attestation file(s) downloaded in <a href=\"#key-attestation\">Step #3<\/a><\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"755\" src=\"https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2025\/02\/certgeneration-google-cloud-kms-selection-shadow-1024x755.jpg\" alt=\"A screenshot of the step in the certificate generation process where you make your specifications regarding the use of the Google Cloud KMS\" class=\"wp-image-3616\" srcset=\"https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2025\/02\/certgeneration-google-cloud-kms-selection-shadow-1024x755.jpg 1024w, https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2025\/02\/certgeneration-google-cloud-kms-selection-shadow-300x221.jpg 300w, https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2025\/02\/certgeneration-google-cloud-kms-selection-shadow-560x413.jpg 560w, https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2025\/02\/certgeneration-google-cloud-kms-selection-shadow-940x693.jpg 940w, https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2025\/02\/certgeneration-google-cloud-kms-selection-shadow.jpg 1122w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>That\u2019s it! Now, Sectigo will begin its code signing certificate validation process; once complete, the certificate will be issued.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"start-signing\">Sign Your Code Using a Sectigo Code Signing Certificate + SignTool<\/h2>\n\n\n\n<p>The hard part is done \u2014 it\u2019s now time to enjoy the fruits of your labor. Once your code signing certificate is ready, you can start using it to sign your software executables using SignTool.<\/p>\n\n\n\n<p>To start signing software using SignTool on Windows:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Ensure you\u2019ve got the latest version of SignTool installed. If you don\u2019t, you can install SignTool as part of the <a href=\"https:\/\/developer.microsoft.com\/windows\/downloads\/windows-sdk\">Windows Software Development Kit (SDK)<\/a>.<\/li>\n\n\n\n<li>Install the latest <a href=\"https:\/\/github.com\/GoogleCloudPlatform\/kms-integrations\/releases?q=cng&amp;expanded=true\">Google Cloud KMS CNG provider release<\/a> on your device.<\/li>\n\n\n\n<li>You\u2019ll first need to authenticate your machine to Google Cloud. This will involve running Google Cloud\u2019s authentication application using the command <em>gcloud auth application-default login<\/em>.<\/li>\n\n\n\n<li>Sign your software using the following command with your customized certificate and key resource path variables: <em>signtool sign \/v \/debug \/fd sha256 \/t http:\/\/timestamp.sectigo.com \/f path\/to\/mycscertificate.crt \/csp &#8220;Google Cloud KMS Provider&#8221; \/kc projects\/PROJECT_ID\/locations\/LOCATION\/keyRings\/KEY_RING\/cryptoKeys\/KEY_NAME\/cryptoKeyVersions\/1 path\/to\/file.exe<\/em><\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":"<p>This step-by-step guide walks through using the Google Key Management Service (KMS) secure HSM for cloud code signing with a Sectigo Code Signing Certificate Google Cloud KMS users can now&#8230;<\/p>\n","protected":false},"author":8,"featured_media":3608,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[318],"tags":[317,316,315],"class_list":["post-3603","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-code-signing","tag-cloud-code-signing","tag-code-signing","tag-google-cloud-kms","post-with-tags"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>How to Use Google Cloud KMS with Sectigo Code Signing Certificates (2026 Guide) - InfoSec Insights<\/title>\n<meta name=\"description\" content=\"Learn how to generate and use a Sectigo Code Signing Certificate key with Google Cloud KMS to sign cloud projects in this step-by-step guide.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/sectigostore.com\/blog\/google-cloud-kms-for-code-signing\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How to Use Google Cloud KMS with Sectigo Code Signing Certificates (2026 Guide) - InfoSec Insights\" \/>\n<meta property=\"og:description\" content=\"Learn how to generate and use a Sectigo Code Signing Certificate key with Google Cloud KMS to sign cloud projects in this step-by-step guide.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/sectigostore.com\/blog\/google-cloud-kms-for-code-signing\/\" \/>\n<meta property=\"og:site_name\" content=\"InfoSec Insights\" \/>\n<meta property=\"article:published_time\" content=\"2025-02-27T20:02:58+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-01-09T10:04:20+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2025\/02\/google-cloud-kms-code-signing-feature.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1600\" \/>\n\t<meta property=\"og:image:height\" content=\"1000\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Casey Crane\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Casey Crane\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/google-cloud-kms-for-code-signing\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/google-cloud-kms-for-code-signing\\\/\"},\"author\":{\"name\":\"Casey Crane\",\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/#\\\/schema\\\/person\\\/559abd5fa4d9d651eaf18d9b9e91a64c\"},\"headline\":\"How to Use Google Cloud KMS with Sectigo Code Signing Certificates (2026 Guide)\",\"datePublished\":\"2025-02-27T20:02:58+00:00\",\"dateModified\":\"2026-01-09T10:04:20+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/google-cloud-kms-for-code-signing\\\/\"},\"wordCount\":1295,\"image\":{\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/google-cloud-kms-for-code-signing\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/02\\\/google-cloud-kms-code-signing-feature.jpg\",\"keywords\":[\"cloud code signing\",\"Code Signing\",\"Google Cloud KMS\"],\"articleSection\":[\"Code Signing\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/google-cloud-kms-for-code-signing\\\/\",\"url\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/google-cloud-kms-for-code-signing\\\/\",\"name\":\"How to Use Google Cloud KMS with Sectigo Code Signing Certificates (2026 Guide) - InfoSec Insights\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/google-cloud-kms-for-code-signing\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/google-cloud-kms-for-code-signing\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/02\\\/google-cloud-kms-code-signing-feature.jpg\",\"datePublished\":\"2025-02-27T20:02:58+00:00\",\"dateModified\":\"2026-01-09T10:04:20+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/#\\\/schema\\\/person\\\/559abd5fa4d9d651eaf18d9b9e91a64c\"},\"description\":\"Learn how to generate and use a Sectigo Code Signing Certificate key with Google Cloud KMS to sign cloud projects in this step-by-step guide.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/google-cloud-kms-for-code-signing\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/sectigostore.com\\\/blog\\\/google-cloud-kms-for-code-signing\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/google-cloud-kms-for-code-signing\\\/#primaryimage\",\"url\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/02\\\/google-cloud-kms-code-signing-feature.jpg\",\"contentUrl\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/02\\\/google-cloud-kms-code-signing-feature.jpg\",\"width\":1600,\"height\":1000,\"caption\":\"Feature image for an article on using Google Cloud KMS with a Sectigo Code Signing Certificate for cloud-based code signing applications\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/google-cloud-kms-for-code-signing\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"How to Use Google Cloud KMS with Sectigo Code Signing Certificates (2026 Guide)\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/\",\"name\":\"InfoSec Insights\",\"description\":\"SectigoStore.com Blog\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/#\\\/schema\\\/person\\\/559abd5fa4d9d651eaf18d9b9e91a64c\",\"name\":\"Casey Crane\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/c18d819d34a1995e91a4aa7518e9048df7856f336a1ede2262a572db7b1c2506?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/c18d819d34a1995e91a4aa7518e9048df7856f336a1ede2262a572db7b1c2506?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/c18d819d34a1995e91a4aa7518e9048df7856f336a1ede2262a572db7b1c2506?s=96&d=mm&r=g\",\"caption\":\"Casey Crane\"},\"description\":\"Casey is a writer and editor with a background in journalism, marketing, PR and communications. She has written about cyber security and information technology for several industry publications, including InfoSec Insights, Hashed Out, Experfy, HackerNoon, and Cybercrime Magazine.\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"How to Use Google Cloud KMS with Sectigo Code Signing Certificates (2026 Guide) - InfoSec Insights","description":"Learn how to generate and use a Sectigo Code Signing Certificate key with Google Cloud KMS to sign cloud projects in this step-by-step guide.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/sectigostore.com\/blog\/google-cloud-kms-for-code-signing\/","og_locale":"en_US","og_type":"article","og_title":"How to Use Google Cloud KMS with Sectigo Code Signing Certificates (2026 Guide) - InfoSec Insights","og_description":"Learn how to generate and use a Sectigo Code Signing Certificate key with Google Cloud KMS to sign cloud projects in this step-by-step guide.","og_url":"https:\/\/sectigostore.com\/blog\/google-cloud-kms-for-code-signing\/","og_site_name":"InfoSec Insights","article_published_time":"2025-02-27T20:02:58+00:00","article_modified_time":"2026-01-09T10:04:20+00:00","og_image":[{"width":1600,"height":1000,"url":"https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2025\/02\/google-cloud-kms-code-signing-feature.jpg","type":"image\/jpeg"}],"author":"Casey Crane","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Casey Crane","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/sectigostore.com\/blog\/google-cloud-kms-for-code-signing\/#article","isPartOf":{"@id":"https:\/\/sectigostore.com\/blog\/google-cloud-kms-for-code-signing\/"},"author":{"name":"Casey Crane","@id":"https:\/\/sectigostore.com\/blog\/#\/schema\/person\/559abd5fa4d9d651eaf18d9b9e91a64c"},"headline":"How to Use Google Cloud KMS with Sectigo Code Signing Certificates (2026 Guide)","datePublished":"2025-02-27T20:02:58+00:00","dateModified":"2026-01-09T10:04:20+00:00","mainEntityOfPage":{"@id":"https:\/\/sectigostore.com\/blog\/google-cloud-kms-for-code-signing\/"},"wordCount":1295,"image":{"@id":"https:\/\/sectigostore.com\/blog\/google-cloud-kms-for-code-signing\/#primaryimage"},"thumbnailUrl":"https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2025\/02\/google-cloud-kms-code-signing-feature.jpg","keywords":["cloud code signing","Code Signing","Google Cloud KMS"],"articleSection":["Code Signing"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/sectigostore.com\/blog\/google-cloud-kms-for-code-signing\/","url":"https:\/\/sectigostore.com\/blog\/google-cloud-kms-for-code-signing\/","name":"How to Use Google Cloud KMS with Sectigo Code Signing Certificates (2026 Guide) - InfoSec Insights","isPartOf":{"@id":"https:\/\/sectigostore.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/sectigostore.com\/blog\/google-cloud-kms-for-code-signing\/#primaryimage"},"image":{"@id":"https:\/\/sectigostore.com\/blog\/google-cloud-kms-for-code-signing\/#primaryimage"},"thumbnailUrl":"https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2025\/02\/google-cloud-kms-code-signing-feature.jpg","datePublished":"2025-02-27T20:02:58+00:00","dateModified":"2026-01-09T10:04:20+00:00","author":{"@id":"https:\/\/sectigostore.com\/blog\/#\/schema\/person\/559abd5fa4d9d651eaf18d9b9e91a64c"},"description":"Learn how to generate and use a Sectigo Code Signing Certificate key with Google Cloud KMS to sign cloud projects in this step-by-step guide.","breadcrumb":{"@id":"https:\/\/sectigostore.com\/blog\/google-cloud-kms-for-code-signing\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/sectigostore.com\/blog\/google-cloud-kms-for-code-signing\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/sectigostore.com\/blog\/google-cloud-kms-for-code-signing\/#primaryimage","url":"https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2025\/02\/google-cloud-kms-code-signing-feature.jpg","contentUrl":"https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2025\/02\/google-cloud-kms-code-signing-feature.jpg","width":1600,"height":1000,"caption":"Feature image for an article on using Google Cloud KMS with a Sectigo Code Signing Certificate for cloud-based code signing applications"},{"@type":"BreadcrumbList","@id":"https:\/\/sectigostore.com\/blog\/google-cloud-kms-for-code-signing\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/sectigostore.com\/blog\/"},{"@type":"ListItem","position":2,"name":"How to Use Google Cloud KMS with Sectigo Code Signing Certificates (2026 Guide)"}]},{"@type":"WebSite","@id":"https:\/\/sectigostore.com\/blog\/#website","url":"https:\/\/sectigostore.com\/blog\/","name":"InfoSec Insights","description":"SectigoStore.com Blog","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/sectigostore.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/sectigostore.com\/blog\/#\/schema\/person\/559abd5fa4d9d651eaf18d9b9e91a64c","name":"Casey Crane","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/c18d819d34a1995e91a4aa7518e9048df7856f336a1ede2262a572db7b1c2506?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/c18d819d34a1995e91a4aa7518e9048df7856f336a1ede2262a572db7b1c2506?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/c18d819d34a1995e91a4aa7518e9048df7856f336a1ede2262a572db7b1c2506?s=96&d=mm&r=g","caption":"Casey Crane"},"description":"Casey is a writer and editor with a background in journalism, marketing, PR and communications. She has written about cyber security and information technology for several industry publications, including InfoSec Insights, Hashed Out, Experfy, HackerNoon, and Cybercrime Magazine."}]}},"_links":{"self":[{"href":"https:\/\/sectigostore.com\/blog\/wp-json\/wp\/v2\/posts\/3603","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sectigostore.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sectigostore.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sectigostore.com\/blog\/wp-json\/wp\/v2\/users\/8"}],"replies":[{"embeddable":true,"href":"https:\/\/sectigostore.com\/blog\/wp-json\/wp\/v2\/comments?post=3603"}],"version-history":[{"count":10,"href":"https:\/\/sectigostore.com\/blog\/wp-json\/wp\/v2\/posts\/3603\/revisions"}],"predecessor-version":[{"id":3918,"href":"https:\/\/sectigostore.com\/blog\/wp-json\/wp\/v2\/posts\/3603\/revisions\/3918"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/sectigostore.com\/blog\/wp-json\/wp\/v2\/media\/3608"}],"wp:attachment":[{"href":"https:\/\/sectigostore.com\/blog\/wp-json\/wp\/v2\/media?parent=3603"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sectigostore.com\/blog\/wp-json\/wp\/v2\/categories?post=3603"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sectigostore.com\/blog\/wp-json\/wp\/v2\/tags?post=3603"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}