Automate Code Sign Client installations (silent installation)
Automating the CyberArk Code Sign Client installation and configuration processes is ideal for mass deployments and scripted installations that require no user intervention.
You can automate the client installation on Windows, Linux, and macOS workstations by using commands, scripts, and your chosen automation tools. You can also automate the client configuration by using commands provided by the tkdriverconfig, CSPConfig, PKCS11Config, or GPGConfig utility.
NOTE If your administrator has enabled Code Signing Client Distribution, you can download all installation files by going to https://TPP-Server-Name/csc.
Windows: Automated installation and configuration commands
The following installation files are available for Windows:
-
64-bit:
CyberArkCodeSignClient-25.3.x-x64.msi -
32-bit:
CyberArkCodeSignClient-25.3.x-x86.msi -
Portable package:
CyberArkCodeSignClient-25.3.x-x64.zip
Below is an example command that installs the Code Sign Client on target Windows workstations.
cmd /c "msiexec /i c:\installs\CyberArkCodeSignClient-25.3.x-x64.msi /qn HSMSERVERURL=https://TPP_SERVER_URL/vedhsm AUTHSERVERURL=https://TPP_SERVER_URL/vedauth"
NOTE The cmd /c portion is not required but helps indicate when the process has completed.
After completing installation, you can use automation tools and the CSPConfig, PKCS11Config, or GPGConfig utility commands to configure Code Sign Clients.
Linux: Automated installation and configuration commands
The following installation files are available for Linux:
| File name | Use on |
|---|---|
|
|
ARM64 Ubuntu/Debian |
|
|
ARM64 RHEL/CentOS |
cyberark-code-sign-client-25.3.x-linux-aarch64.tar.gz
|
Any supported ARM64 |
|
|
x86_64 Ubuntu/Debian |
|
|
x86_64 RHEL/CentOS |
cyberark-code-sign-client-25.3.x-linux-x86_64.tar.gz
|
Any supported x86_64 |
The PKCS#11 files are installed in the /opt/venafi/codesign directory.
After completing installation, you can use the PKCS11Config or GPGConfig utility commands to configure Code Sign Clients.
macOS: Automated installation and configuration commands
The macOS installation file is
-
Universal installer:
CyberArk Code Sign Client v25.3.x-universal.dmg. -
Portable package:
CyberArk Code Sign Client v25.3.x-universal.tar.gz
Use the following instructions and commands as part of your automation scripts and strategy.
mkdir -p installer_mount_dir
hdiutil attach "CyberArk Code Sign Client v25.3.x-universal.dmg" -noautoopen -mountpoint installer_mount_dir
Upon completion, the configuration utilities are installed in the /Library/Venafi/CodeSigning/bin directory, with symbolic links to it in /usr/local/bin.
You can use your automation tools and the tkdriverconfig, PKCS11Config, or GPGConfig utility commands to configure Code Sign Clients.