I am about to renew my certificate now. A year ago I gave up on Sectigo and bought an expensive DigiCert certificate, time is money, after all.
DigiCert has introduced a "DigiCert KeyLocker" that is a some cloud key storage.
I have skimmed through the docs and so far I do not understand how this works, particularily with SetupBuilder, which manages all my signings today.
Futhermore, there is a limitation of 1000 signs per key. Probably enough, but when I have signed 20 files in a setup, I can't batch build and prepare installs for every version anymore.

Is it possible to use DigiCert code signing with Digicert KeyLocker, or should I go for the hardware token? I don't understand how hardware token works either, please excuse my ignorance.

(Man, how I miss the days where I could concentrate my efforts on developing applications)