cicd-integrations
2025.10
true
- Overview
- UiPath CLI
- About UiPath CLI
- Downloading UiPath CLI
- Compatibility matrix
- Running UiPath CLI
- Managing NuGet feeds
- Test Manager Support
- Packing projects into a package
- Signing project packages
- Analyzing a project
- Deploying a package to Orchestrator
- Running a job inside Orchestrator
- Testing a package or running a test set
- Testing multiple packages
- Deploying assets to Orchestrator
- Deleting assets from Orchestrator
- Running tasks using JSON configuration
- Restoring automation dependencies
- Troubleshooting UiPath CLI
- Azure DevOps extension
- Jenkins plugin
CI/CD integrations user guide
Last updated Nov 18, 2025
Signing Project Packages
UiPath CLI 25.10 introduces the ability to digitally sign automation project packages during the pack operation. Package signing provides authenticity verification and ensures that packages have not been tampered with after creation, enhancing security in your CI/CD pipeline.
When you sign a project package, the CLI:
- Creates the
.nupkgpackage file - Applies a digital signature using your certificate
- Optionally timestamps the signature for long-term validity
Supported certificate types
The CLI supports PKCS#12 (.pfx) certificate format.
Important:
The certificate must:
- Include a private key for signing
- Be valid (not expired)
- Have code signing capabilities
Parameters
The package pack command supports the following signing parameters:
| Parameter | Description | Required |
|---|---|---|
--certificatePath | Path to the certificate file (.pfx) | Yes (if signing) |
--certificatePassword | Password for the certificate file | No |
--timestampServerUrl | URL of the RFC 3161 timestamp server | No |
Usage examples
Basic signing with certificate
# Windowsuipcli package pack "C:\Projects\MyRobot\project.json" ` -o "C:\Packages" ` --certificatePath "C:\Certificates\codesign.pfx" ` --certificatePassword "YourPassword123"# Linux/macOSuipcli package pack "./MyRobot/project.json" \ -o "./packages" \ --certificatePath "./certificates/codesign.pfx" \ --certificatePassword "YourPassword123"# Windowsuipcli package pack "C:\Projects\MyRobot\project.json" ` -o "C:\Packages" ` --certificatePath "C:\Certificates\codesign.pfx" ` --certificatePassword "YourPassword123"# Linux/macOSuipcli package pack "./MyRobot/project.json" \ -o "./packages" \ --certificatePath "./certificates/codesign.pfx" \ --certificatePassword "YourPassword123"Signing with timestamp server
Adding a timestamp ensures the signature remains valid even after the certificate expires.
uipcli package pack "./MyRobot/project.json" \ -o "./packages" \ --certificatePath "./certificates/codesign.pfx" \ --certificatePassword "YourPassword123" \ --timestampServerUrl "http://timestamp.digicert.com"uipcli package pack "./MyRobot/project.json" \ -o "./packages" \ --certificatePath "./certificates/codesign.pfx" \ --certificatePassword "YourPassword123" \ --timestampServerUrl "http://timestamp.digicert.com"Signing with version and output type
uipcli package pack "./MyRobot/project.json" \ -o "./packages" \ -v "1.0.5" \ --outputType "Process" \ --certificatePath "./certificates/codesign.pfx" \ --certificatePassword "YourPassword123" \ --timestampServerUrl "http://timestamp.digicert.com"uipcli package pack "./MyRobot/project.json" \ -o "./packages" \ -v "1.0.5" \ --outputType "Process" \ --certificatePath "./certificates/codesign.pfx" \ --certificatePassword "YourPassword123" \ --timestampServerUrl "http://timestamp.digicert.com"Signing with passwordless certificate
uipcli package pack "./MyRobot/project.json" \ -o "./packages" \ --certificatePath "./certificates/codesign.pfx"uipcli package pack "./MyRobot/project.json" \ -o "./packages" \ --certificatePath "./certificates/codesign.pfx"Signing with Orchestrator library dependencies
uipcli package pack "./MyRobot/project.json" \ -o "./packages" \ --libraryOrchestratorUrl "https://cloud.uipath.com/" \ --libraryOrchestratorTenant "Default" \ -A "myorg" \ -I "becc663c-8f1e-409a-a75f-c00330d80bc8" \ -S "********" \ --libraryOrchestratorApplicationScope "OR.Folders OR.Execution" \ --certificatePath "./certificates/codesign.pfx" \ --certificatePassword "YourPassword123" \ --timestampServerUrl "http://timestamp.digicert.com"uipcli package pack "./MyRobot/project.json" \ -o "./packages" \ --libraryOrchestratorUrl "https://cloud.uipath.com/" \ --libraryOrchestratorTenant "Default" \ -A "myorg" \ -I "becc663c-8f1e-409a-a75f-c00330d80bc8" \ -S "********" \ --libraryOrchestratorApplicationScope "OR.Folders OR.Execution" \ --certificatePath "./certificates/codesign.pfx" \ --certificatePassword "YourPassword123" \ --timestampServerUrl "http://timestamp.digicert.com"Recommended timestamp servers
Using a timestamp server is recommended to ensure signatures remain valid after certificate expiration:
http://timestamp.digicert.com- DigiCerthttp://timestamp.comodoca.com- Sectigo (Comodo)http://timestamp.globalsign.com- GlobalSignhttp://timestamp.sectigo.com- Sectigo
Best practices
Secure certificate storage
- Never commit certificates to version control
- Use secure storage solutions:
- Azure Key Vault
- AWS Secrets Manager
- HashiCorp Vault
- GitHub Secrets / Azure DevOps Secure Files
- CI/CD platform secret management
Environment variables
- Use environment variables or secrets management for passwords
- Avoid hardcoding sensitive information in scripts
Timestamp usage
- Always use a timestamp server in production environments
- Timestamps ensure signature validity beyond certificate expiration
Certificate management
- Use dedicated code signing certificates
- Rotate certificates before expiration
- Maintain certificate backups securely
