I am about to use AzureSignTool for one of the project related to code-signing. I was going through the documentation and it mentions that while running the AzureSignTool command, it requires an argument "-kvs" which is essentially the secret created in the app registration.

Since we are getting away from the Secrets in App registration, and starting to use Certificates instead, how can I use the Certificate instead of the secrets?