Add Azure Trusted Signing documentation for Windows builds (#187)

faustbrian · claude · web-flow · commit 8e79847b413f · 2025-08-04T18:27:41.000+01:00
* Add Azure Trusted Signing documentation for Windows builds - Document Azure Trusted Signing as the recommended Windows code signing method - Add all required Azure environment variables with descriptions - Note that credentials are automatically stripped for security - Keep traditional certificate signing as an alternative option 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com> * Update Azure Trusted Signing documentation with build output indicators - Add information about identifying signing method from build output - Include detailed descriptions for each Azure configuration value - Change default endpoint example to East US (more common) - Clarify the difference between certificate profile and account names 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com> --------- Co-authored-by: Claude <noreply@anthropic.com>
diff --git a/resources/views/docs/desktop/1/publishing/building.md b/resources/views/docs/desktop/1/publishing/building.md
@@ -96,7 +96,45 @@ NativePHP makes this as easy for you as it can, but each platform does have slig
 
 ### Windows
 
-[See the Electron documentation](https://www.electronforge.io/guides/code-signing/code-signing-windows) for more details.
+NativePHP supports two methods for Windows code signing: traditional certificate-based signing and Azure Trusted Signing.
+
+#### Azure Trusted Signing (Recommended)
+
+Azure Trusted Signing is a cloud-based code signing service that eliminates the need to manage local certificates. 
+
+When building your application, you can identify which signing method is being used:
+- **Azure Trusted Signing**: The build output will show "Signing with Azure Trusted Signing (beta)"
+- **Traditional Certificate**: The build output will show "Signing with signtool.exe"
+
+To use Azure Trusted Signing, add the following environment variables to your `.env` file:
+
+```dotenv
+# Azure AD authentication
+AZURE_TENANT_ID=your-tenant-id
+AZURE_CLIENT_ID=your-client-id
+AZURE_CLIENT_SECRET=your-client-secret
+
+# Azure Trusted Signing configuration
+# This is the CommonName (CN) value - your full name or company name
+# as entered in the Identity Validation Request form
+NATIVEPHP_AZURE_PUBLISHER_NAME=your-publisher-name
+
+# The endpoint URL for the Azure region where your certificate is stored
+NATIVEPHP_AZURE_ENDPOINT=https://eus.codesigning.azure.net/
+
+# The name of your certificate profile (NOT the Trusted Signing Account)
+NATIVEPHP_AZURE_CERTIFICATE_PROFILE_NAME=your-certificate-profile
+
+# Your Trusted Signing Account name (NOT the app registration display name)
+# This is the account name shown in Azure Trusted Signing, not your login name
+NATIVEPHP_AZURE_CODE_SIGNING_ACCOUNT_NAME=your-code-signing-account
+```
+
+These credentials will be automatically stripped from your built application for security.
+
+#### Traditional Certificate Signing
+
+For traditional certificate-based signing, [see the Electron documentation](https://www.electronforge.io/guides/code-signing/code-signing-windows) for more details.
 
 ### macOS
 
