codesign use of Cloud-managed Developer ID

My non-cloud Developer ID certificate will expire soon, and my account also has a cloud-managed Developer ID Certificate. My Mac application build workflow uses Archiving, so the cloud cert should be fine for that. But my workflow also signs bundled apps, such as Sparkle framwork's Autodupate app, using the codesign tool.

Is it correct that codesign only uses certificates from the local Keychain, and so cannot use a Cloud-managed Developer ID certificate?

Before I manually renew the non-cloud Developer ID certificate, I want to make sure I'm not missing some easier method. Thanks.

codesign use of Cloud-managed Developer ID
 
 
Q