23 年 6 月1 日之后，代码签名证书只能通过 USB Token等安全设备分发：

As of June 1, 2023, all publicly trusted code signing certificates' keys must be stored on cryptographically secure hardware (USB tokens, hardware security modules [HSMs], etc.). The goal here is to help organizations better secure their code signing certificates and keys against cybercriminals. https://codesigningstore.com/how-to-set-up-code-signing-hardware-token

使用的是 epass2003，原来的CICD 签名用的虚拟机，之前从 PVE 迁移到了 cloudpods，需要先配置下 USB 直通：USB 透传，按文档做即可。

安装完厂商给的驱动之后，RDP 远程桌面下，证书库找不到证书， cloudpods 比较小众，用 关键词： proxmox+USB Token 搜索，找到一个帖子： [PVE-User] Pass through usb eToken device on PX 5.2：

Resolved it - GlobalSign tech support couldn't figure it out, eventually found the answer on a German forum via google translate. The client software only works when you are conneced via a console, it fails to load under a RDP session. Fortunately a Spice or noVNC consle works.

类似问题：Why is remote SmartCard not found when using RDP。

使用 cloudpods 带的 vnc 进入，果然能正常找到证书。 切换到SPICE，或者再安装个novnc 来替换 RDP 即可。

更进一步扩展性、灵活性的问题，可以使用USB Network Gate、virtualhere等方案，或者考虑上Digi USB-Over-IP | AnywhereUSB Plus、国内特色：朝天椒 USB Server。

单独这个 code signing 的场景，还有DigiCert KeyLocker ， CloudHSM 。