u/ShortBoysenberry6173

I'm using Sectigo to code sign an app and since a while ago they started issuing certificates exclusively by shipping flash drives (they call them USB tokens) containing an unexportable cert. In the past you would get the PKCS#12 and it would be used in the CI/CD pipeline but they don't provide the cert as a file anymore and it can't be exported from the flash drive. Obfuscating this procedure seems like such a massive oversight on their part but anyway, does anyone have any experience with this particular issue?