Certificates renewal
rgaudin edited this page Nov 26, 2024 · 1 revision
The CI and CD workflows require several Apple-provided certificates and info to work.
Secret Name | Name | Origin | Expiry | Requires Account Holder? | Used in External CI? |
---|---|---|---|---|---|
`APPLE_STORE_AUTH_KEY` | App Store Connect API Key | https://appstoreconnect.apple.com/access/integrations/api | Never expires | Yes | Yes |
`APPLE_STORE_AUTH_KEY_ID` | App Store Connect API Key ID | https://appstoreconnect.apple.com/access/integrations/api | - | - | Yes |
`APPLE_STORE_AUTH_KEY_ISSUER_ID` | App Store Connect API Key Issuer ID | https://appstoreconnect.apple.com/access/integrations/api | - | - | Yes |
`APPLE_DEVELOPMENT_SIGNING_CERTIFICATE` | Apple Development Certificate | https://developer.apple.com/account/resources/certificates/list | 1 year | No | Yes |
`APPLE_DEVELOPMENT_SIGNING_P12_PASSWORD` | Apple Development Certificate Password | - | - | Yes | |
`APPLE_DEVELOPMENT_SIGNING_IDENTITY` | Apple Development Signing Identity | Certificate (based on creator) | - | - | No |
`APPLE_DISTRIBUTION_SIGNING_CERTIFICATE` | Apple Distribution Certificate | https://developer.apple.com/account/resources/certificates/list | 1 year | - | No |
`APPLE_DISTRIBUTION_SIGNING_P12_PASSWORD` | Apple Distribution Certificate Password | - | - | No | |
`APPLE_DISTRIBUTION_SIGNING_IDENTITY` | Apple Distribution Signing Identity | Certificate (based on Team ID) | - | - | No |
`APPLE_DEVELOPER_ID_SIGNING_CERTIFICATE` | Apple Developer ID Application Certificate | https://developer.apple.com/account/resources/certificates/list | 5 years | Yes | No |
`APPLE_DEVELOPER_ID_SIGNING_P12_PASSWORD` | Apple Developer ID Certificate Password | - | - | No | |
`APPLE_DEVELOPER_ID_SIGNING_IDENTITY` | Apple Developer ID Signing Identity | Certificate (based on Team ID) | - | - | No |
`APPLE_SIGNING_ALTOOL_USERNAME` | Apple Account (Developer in Team) | - | - | No | |
`APPLE_SIGNING_ALTOOL_PASSWORD` | App-specific password for account | https://account.apple.com/account/manage (app-specific passwords) | - | - | No |
`APPLE_SIGNING_TEAM` | Apple Team ID (not secret) | https://developer.apple.com/account | - | - | No |

- The `*_SIGNING_CERTIFICATE` secrets are base64 encoded in GH.
- The signing certificates are usually limited in number (5 I think for Development)
- The Distribution certificate is used for App Store distribution.
- Developer ID is used for off-store (i.e. .app/.dmg) distribution. It is limited to one and can only be created by the Account Holder, but lasts longer.

- Open Keychain Access
- (Menubar) Keychain Access –> Certificate Assistant –> Request a Certificate from a Certificate Authority…
- User Email Address: Your email address
- Common Name: A short descriptive name for the certificate. Used in Keychain Access. Has no other consequence.
- Pick Saved to disk
- Continue and choose an appropriate filename.
- In Apple Developer's Certificates page, choose Create, then select the correct type and attach the CSR created above.
- Apple will offer to download the certificate (`.cer` extension).
- Double-click the downloaded Certificate to open it in Keychain Access
- Right-click -> Get info
- The Common Name is your `_SIGNING_IDENTITY` value
- Select both the private key and the downloaded certificate (1)
- Right-click -> Export 2 items
- Select P12 file format
- Set a password (will be the `_P12_PASSWORD` value)
- Now retrieve the `_CERTIFICATE` value with `base64 -i /path/to/xxx.p12 | pbcopy`.
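
A pre-upload check for the values produced by the steps above, as an added example that is not part of the original wiki page or the project's workflows: it confirms that the base64 text decodes to a P12 that opens with the chosen password, still contains the private key, and is not about to expire. The function name `check_signing_secret`, the `P12_PASS` variable, the 30-day default and the availability of `openssl` and `base64 --decode` are assumptions.

```shell
# Added example, not part of the original wiki page.
# check_signing_secret B64 PASSWORD [MIN_DAYS]
#   B64       value intended for a *_SIGNING_CERTIFICATE secret
#   PASSWORD  value intended for the matching *_P12_PASSWORD secret
#   MIN_DAYS  required remaining validity (assumed default: 30)
# Returns 0 if usable, 1 bad base64 or password, 2 private key missing,
# 3 certificate expires within MIN_DAYS.
check_signing_secret() {
    _min_days=${3:-30}
    _tmp=$(mktemp -d) || return 1
    _p12=$_tmp/id.p12 _rc=0 _legacy=
    # Hand the password to openssl via the environment rather than argv,
    # so it does not appear in the process list.
    P12_PASS=$2; export P12_PASS
    printf '%s' "$1" | base64 --decode > "$_p12" 2>/dev/null || _rc=1

    # Keychain Access exports may use older PKCS#12 algorithms that
    # OpenSSL 3 reads only with -legacy, so retry once with that flag.
    if ! openssl pkcs12 -in "$_p12" -passin env:P12_PASS \
            -nokeys -clcerts > "$_tmp/cert.pem" 2>/dev/null; then
        _legacy=-legacy
        openssl pkcs12 $_legacy -in "$_p12" -passin env:P12_PASS \
            -nokeys -clcerts > "$_tmp/cert.pem" 2>/dev/null || _rc=1
    fi

    # A .p12 exported without the private key cannot sign anything.
    if [ "$_rc" -eq 0 ] && ! openssl pkcs12 $_legacy -in "$_p12" \
            -passin env:P12_PASS -nocerts -nodes 2>/dev/null |
            grep -q 'PRIVATE KEY'; then
        _rc=2
    fi

    if [ "$_rc" -eq 0 ]; then
        # The subject's CN is the *_SIGNING_IDENTITY value.
        openssl x509 -in "$_tmp/cert.pem" -noout -subject -enddate
        openssl x509 -in "$_tmp/cert.pem" -noout \
            -checkend $((_min_days * 86400)) > /dev/null || _rc=3
    fi
    rm -rf "$_tmp"; unset P12_PASS
    return "$_rc"
}
```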