Digitally signing PDFs
This guide shows how to digitally sign PDFs generated by bino.
You will create a SigningProfile, link it to a ReportArtefact, and verify the result.
1. Prepare certificates
Section titled “1. Prepare certificates”Obtain or generate a signing certificate and private key in PEM format.
Store them in a secure directory such as certs/ inside your project (do not commit secrets to source control).
2. Create a signing profile
Section titled “2. Create a signing profile”---
apiVersion: bino.bi/v1alpha1
kind: SigningProfile
metadata:
name: corporateSigner
spec:
certificate:
path: ./certs/corporate-cert.pem
privateKey:
path: ./certs/corporate-key.pem
digestAlgorithm: sha256
certType: approval
docMDPPerm: form-fill-sign
signer:
name: "Group Controlling"
location: "Headquarters"
reason: "Approved financial statements"
contact: "controlling@example.com"3. Link profile to an artefact
Section titled “3. Link profile to an artefact”---
apiVersion: bino.bi/v1alpha1
kind: ReportArtefact
metadata:
name: annual_report
spec:
filename: annual-report.pdf
title: "Annual Financial Report"
language: en
signingProfile: corporateSigner4. Build and verify
Section titled “4. Build and verify”Run a build:
bino build --include annual_reportOpen the resulting PDF in a viewer that supports digital signatures and verify that the signature details match the profile. Use placeholder screenshots in your docs to show the expected signature status.