Code signing is a critical security measure for desktop and mobile applications, ensuring that users can trust the software they download and install. While code signing is mandatory for mobile apps on platforms like the Google Play Store and App Store, it is less common but equally important for desktop applications, where unsigned binaries may trigger security prompts. The process involves embedding a signature within the binary or using file hashes and signatures, depending on the operating system. Maintaining the security of signed certificates is paramount, and they should be stored locally rather than in the cloud. Self-hosted runners can facilitate secure code signing in CI/CD pipelines by keeping certificates on machines controlled by the development team, allowing CircleCI jobs to sign packages without compromising security. The text provides guidance on setting up self-hosted runners on various platforms and describes specific procedures for code signing on Linux, macOS, and Windows. This approach balances the speed of CircleCI Cloud with the security of local infrastructure, ensuring sensitive workloads remain protected while enabling efficient application distribution.