diff --git a/.github/workflows/central.yml b/.github/workflows/central.yml
index f65d0e0..6e9c355 100644
--- a/.github/workflows/central.yml
+++ b/.github/workflows/central.yml
@@ -45,16 +45,22 @@ jobs:
           Write-Output "::set-output name=PFX_PATH::$pfxPath";
       - name: Sign Intiface Central Executable
         shell: pwsh
+        env:
+          PFX_KEY: ${{ secrets.NPLABS_WINDOWS_20210514_SIGNING_KEY }}
         run: |
-          & "C:\Program Files (x86)\Windows Kits\10\bin\10.0.22000.0\x64\signtool.exe" sign /f .\cert.pfx /t http://timestamp.digicert.com /fd SHA256 .\build\windows\runner\Release\intiface_central.exe
+          $pfxPath = Join-Path -Path $env:RUNNER_TEMP -ChildPath "cert.pfx";
+          & "C:\Program Files (x86)\Windows Kits\10\bin\10.0.22000.0\x64\signtool.exe" sign /f $pfxPath /p $env:PFX_KEY /t http://timestamp.digicert.com /fd SHA256 .\build\windows\runner\Release\intiface_central.exe
       - name: Build Innosetup Installer
         shell: pwsh
         run: |
           iscc .\intiface-central-installer.iss
       - name: Sign Innosetup Installer
         shell: pwsh
+        env:
+          PFX_KEY: ${{ secrets.NPLABS_WINDOWS_20210514_SIGNING_KEY }} 
         run: |
-          & "C:\Program Files (x86)\Windows Kits\10\bin\10.0.22000.0\x64\signtool.exe" sign /f .\cert.pfx /t http://timestamp.digicert.com /fd SHA256 .\installer\intiface-central-installer.exe
+          $pfxPath = Join-Path -Path $env:RUNNER_TEMP -ChildPath "cert.pfx";
+          & "C:\Program Files (x86)\Windows Kits\10\bin\10.0.22000.0\x64\signtool.exe" sign /f $pfxPath /p $env:PFX_KEY /t http://timestamp.digicert.com /fd SHA256 .\installer\intiface-central-installer.exe
       - name: Archive production artifacts
         uses: actions/upload-artifact@v3
         with: