The architecture behind secure, scalable code signing

SignPath was built from the ground up for deep integration, security, and auditability — whether in the cloud, on-premises, or hybrid. Here’s how it works.

Core platform components

SignPath Core

Manages signing requests, policy enforcement, audit logs, and workflow approvals. Stateless and horizontally scalable.

Connector APIs

CI/CD integrations (e.g. GitHub, Jenkins, GitLab, Azure DevOps) send signing requests and retrieve results.

Key Vault / HSM

Private keys stored securely. Can be hosted by SignPath or managed by the customer. FIPS 140-2 Level 3 compliant.

Approval System

Optional approval steps built into the workflow. Supports pre-approvals, role-based reviews, time windows, and more.

Artifact Processing
(DeepSign/MacroSign only)

File uploads are unpacked, scanned (malware/metadata), and validated before signing.

CI/CD integration

REST API for signing hash or artifact requests

Dedicated CI/CD plugins and scripts available

Works with Jenkins, GitHub Actions, GitLab CI, Azure Pipelines, TeamCity & more

Typical use: post-build, pre-deploy step

Return values: signed file, signature hash, or error trace

Key management and security

Private keys never leave the HSM

Crypto operations done inside HSM or CSP (Crypto Service Provider)

Access control per user, per certificate

Policy validation before any signing request is processed

Audit logs include calling system, user, IP, request parameters, signing outcome

Supported certificate types

Deployment models

SaaS (default)

Hosted and maintained by SignPath (EU-based, GDPR-compliant). Connects to your CI/CD via API.

Self-hosted

Run SignPath inside your own environment. Ideal for high-security industries (e.g. Aerospace, Defense).

Hybrid

Use our SaaS platform while managing your own keys or approval systems.

Audit & compliance

Full audit trail of every signing operation

Exportable logs with hash, file ID, user ID, source, time, policy matched

Policy change history

Optional tamper-proof log archiving (WORM)

Designed to support compliance with:

ISO 27001

NIS 2

SOC 2

EU 14144

Executive Order 14028 (US)

Trusted by Global Leaders

"With SignPath, we significantly improved our software security, simplified our signing processes, and easily achieved regulatory compliance."

GET STARTED TODAY

You don’t have to choose between speed and security. With DeepSign, you get both—plus transparency, trust, and traceability.
