The NuGet actions in Continua are a wrapper around the nuget command line. If you're having trouble using any of the NuGet actions, please refer to the Command Line Reference.

The NuGet Sign action is used to sign a NuGet package with a X.509 certificate to provide protection against content tampering.

NuGet Sign


A friendly name for this action (will be displayed in the actions workflow area).


Determines if this action will be run within the relevant stage.


The paths to one or more .nupkg package files to sign. One path per line.

Output Directory

The directory where the signed package should be saved. By default, the original package is overwritten by the signed package. [-OutputDirectory]

Command Line Version

Select the version of the NuGet command line that is installed on the agent. Some other settings and options may be unavailable depending which the command line version is selected.


The Using drop down is populated with any property collector whose namespace matches the pattern defined by the NuGet Spec action. The pattern for this action is ^NuGet.*

If you create a property collector for this action, make sure you select the Path Finder PlugIn type and give it a name that will match the pattern above in blue. Example names listed here, search the table's Plugin column for "NuGet Spec".

For more in-depth explanations on property collectors see Property Collectors.

Alternatively, you can select the Custom option from the Using drop down list and specify a path in the resulting input field that will be displayed. Please read Why it's a good idea to use a property collector before using this option.



The path to a X.509 certificate file to be used to sign the package.  [-CertificatePath]

Store Location 

The location of the X.509 certificate store used to search for the certificate. This defaults to 'CurrentUser', the certificate store for the user the agent service is running under. [-CertificateStoreLocation]

Store Name

The name of the X.509 certificate store used to search for the certificate. This defaults to 'My', the certificate store for personal certificates. [-CertificateStoreName]

Subject Name

The subject name of the certificate used to search for the certificate. The search is a case-insensitive string comparison using the supplied value, which will find all certificates with the subject name containing that string, regardless of other subject values. [-CertificateSubjectName]


The SHA-1 fingerprint of the certificate used to search a local certificate store for the certificate. [-CertificateFingerprint]


The password associated with the certificate. [-CertificatePassword]


Configuration File

A specific NuGet configuration file to use. Leave blank to use %AppData%\NuGet\nuget.config. [-ConfigFile]

Hash Algorithm

The hash algorithm to used to sign the package. Default is SHA256. [-HashAlgorithm]


URL to an RFC 3161 timestamping server. [-Timestamper]

Timestamp Hash Algorithm

Hash algorithm to be used by the RFC 3161 timestamp server. Default is SHA256. [-TimestampHashAlgorithm]

Overwrite current signature

If not ticked, the command will fail if the package already has a signature. [-Overwrite]



How much information should the command line output? [-Verbosity]

Force English output

Forces the command line to run using an invariant, English-based culture. [-ForceEnglishOutput]

Timeout (in seconds)

How long to wait for the action to finish running before timing out. Leaving this blank (or zero) will default to 86400 seconds (24 hours).

Treat failure as warning

Tick to continue build on failure marking the action with a warning status.

Ignore warnings

If this is ticked, any warnings logged will not mark the action with a warning status.


Environment Variables

Multiple environment variables can be defined - one per line. These are set before the command line is run.

Log environment variables

If this is ticked, environment variable values are written to the build log. 

Generate system environment variables

Tick this checkbox to set up a list of new environment variables prefixed with 'ContinuaCI.' for all current system expression objects and variables.

Mask sensitive variable values in system environment variables

This checkbox is visible only if the 'Generate system environment variables' checkbox is ticked.

If this is ticked, the values of any variables marked as sensitive will be masked with **** when setting system environment variables. Clear this to expose the values.

  • No labels