Lazy Minting/EIP712 - how to get Signature from Minter_role

So I've been doing a lot of reading on Lazy Minting, and I watched the video on it, and looked at the workshop. I think I understand everything except for one part.

How does the minter_role address sign the message for the user? In the hardhat tests, they make the account and assign the role in the test, but I don't think that works for a live app, and putting a private key is a security risk.