Posting this right here as I belive that this is a generic issue.
Right now if you do app development in most cases you are also code signing the app, using your favorite tool and a private key.
Since February, due to Microsoft adopting a new set of standards, issuers are obliged to deliver the digital certificates on hardware mediums aka USB tokens
Minimum Requirements for Code Signing
While this works great for physical servers, on cloud environments supporting a USB interface is not as practical, for example Amazon does not support it, thus making the below use case unfeasible.
Server receives a request for a particular client app, based on the request param's server changes the app's resources then code signs it, replying with the final result.
Any opinions on this are welcomed.