Default Flows tab

Signing Flows

To remove the option for Key Use Approvers to allow unlimited signings when approving a signing request, check the Approvers may not allow unlimited signings upon signing request approval checkbox in this section. With this checked, the Unlimited Use radio button (outlined in the screenshot below) will be removed from the Signing Request approval screen entirely.

If you leave Unlimited Use enabled, Key Use Approvers will be required to select a date and time when the unlimited key use approval expires.

Create, Update, and Delete Flows

The Create, Update, and Delete sections specify the Flows invoked when certain actions are taken on a Project or Environment.

By default, the Flows that are assigned require no approvals. If you want to add approval steps for any of the actions explained below, you'll need one or more Change Management Flows with the approval settings you want.

EXAMPLE  Suppose you wanted to enforce Code Signing Administrator approval anytime a new Environment is added or deleted, and Project Owner approval anytime an existing Environment is changed. You also want a Code Signing Administrator to have to approve Project deletions.

First, you'd create two Change Management Flows—we'll call those Flows "Administrator Approval" and "Owner Approval." The Administrator Approval Flow would have an "Administrator" approval action, and the Owner Approval Flow would have a "Standard" approval action with the Attribute set to Owner.

Next, you assign the Flows in the Default Flows tab of Global Code Signing properties. For Create and Delete, you assign the Administrator Approval Flow. For Update, you assign the Owner Approval Flow.

If you want to use Flows that enforce approvals, and those Flows aren't in place yet, start by creating them. Once they are in place, return here to assign them. You can assign Flows by clicking the drop-down selector for any of the options described below, and then selecting the Flow.

Create

The Create section sets the Flow that is invoked anytime an Environment is added to a Project. This Flow is invoked no matter what state the Project itself is in. If the Flow requires approvals, the Environment will be in the Disabled status until the approval is given. Once approved, it moves to the Enabled state.

If the Create Flow requires approvals, approvers will be notified anytime a new Environment is added to any Project. Approvers should follow the instructions in Approving or rejecting changes to CodeSign Protect Environments to take action on the request.

Update

The Update section sets the Flow that is invoked anytime an existing Environment is changed. This Flow is invoked no matter what state the Project itself is in. If the Flow requires approvals, the Environment remains Enabled in its original configuration while awaiting approval. Once the approval is given, the updates to the Environment take effect.

If the Update Flow requires approvals, approvers will be notified anytime a new Environment is added to any Project. Approvers should follow the instructions in Approving or rejecting changes to CodeSign Protect Environments to take action on the request.

Delete

The Delete section sets the Flows that are invoked anytime an Environment or a Project is deleted. If the Flow requires approvals, approvers will be notified anytime a Project or Environments deletion request is received. Approvers should follow the instructions in Approving or Rejecting a Project deletion request to take action on the request.

When an Environment is deleted, it remains in the Enabled state until the deletion is approved. Once approved, the Environment, its associated certificates, and keys are deleted.

When a Project is deleted, it is put in the Pending Deletion Approval state. In this state, none of the Environments are enabled. Once the deletion is approved, the Project and all its Environments are deleted.