Create Flows

Flows in CodeSign Protect allow you to enforce actions that must take place when using signing keys, when deleting Projects, or when creating, updating, or deleting Environments. There are two types of Flows available, both of which are described below.

Code Signing Flows

Code Signing Flows in Venafi CodeSign Protect define the approvals that must be granted before a signing operation can take place using a given private key. As such, Code Signing Flows play a critical role in ensuring that private code signing keys are used only in ways that the Code Signing Administrator authorizes.

At their most relaxed, Code Signing Flows can be configured to require no approvals at all. On the other hand, they can also be configured to require multiple levels of approvals. In most companies, a variety of Code Signing Flows are needed to account for the various levels of trust and security demanded by different projects or different phases of projects.

Once created, Code Signing Flows can optionally be assigned to Environment Templates. If assigned to an Environment Template, any Environment that uses that Environment Template is subject to the restrictions set in the Flow. Flows can also be selected directly in Environments themselves.

Code Signing Change Management Flow

Code Signing Change Management Flows allow Code Signing Administrators to enforce approvals for any of the following actions:

  • To delete a Project

  • To delete an Environment from a Project

  • To create a new Environment in a Project

  • To edit an existing Environment in a Project

The Flows for each of these scenarios can be set individually, giving Code Signing Administrators the ability to manage the different scenarios as their needs dictate. Alternatively, the same Flow can be used for any number of these scenarios if that's what is needed.

Change Management Flows are set at the global project level, and as such, they apply to all Projects and Environments. The default Change Management Flow requires no approvals. Follow the steps in this section to create a Flow that includes approvals.

IMPORTANT  Change Management Flows are invoked only when the change is submitted via the UI. Requests submitted via the Web SDK will not invoke Change Management Flows, so the approvals configured in those Flows are not applied to them. For information on restricting Web SDK access, see Limiting Web SDK access.

Next steps

To get started configuring Flows, first become familiar with the Flow user interface. From there, you can configure Code Signing Flows and Change Management Flows. Once the Flows are in place, you can assign them as necessary.