29 March 2023 by Phillip JohnstonWhen using techniques like Code Signing, you need to implement Secure Secret Storage. Your private keys cannot be leaked, or else the whole signing and verification mechanism breaks. A common failure mode with this strategy is sharing private keys for development work. Proper key management is inconvenient, especially when you want to restrict access as much as possible. But developers need to create images and test them on-device, so they need access to the private keys to sign their images. Keys end up in git repositories, passed around via email or Slack, or uploaded to …
Continue reading “Use Different Keys for Development and Production”
To access this content, you must purchase a Membership - check out the different options here. If you're a member, log in.