Asc Signing Setup
Automate the configuration of code signing certificates and provisioning profiles for App Store Connect
Category: productivity Source: rudrankriyam/app-store-connect-cli-skillsAsc Signing Setup is a community skill for configuring code signing through App Store Connect, covering certificate management, provisioning profile creation, capability configuration, signing identity resolution, and automated signing setup for CI/CD environments.
What Is This?
Overview
Asc Signing Setup provides patterns for managing iOS code signing assets through the App Store Connect API. It covers certificate management that creates, downloads, and revokes distribution and development certificates, provisioning profile creation that generates profiles linking certificates, app IDs, and device lists, capability configuration that enables entitlements like push notifications, Sign in with Apple, and App Groups, signing identity resolution that matches the correct certificate and profile combination for each build target, and CI automation that configures signing in headless build environments. The skill enables teams to automate code signing management and reduce manual intervention during release cycles.
Who Should Use This
This skill serves iOS developers setting up code signing for new projects and team members, DevOps engineers configuring signing in CI build environments, and team leads managing certificates and profiles across development teams. It is particularly valuable for organizations running multiple apps or maintaining separate staging and production signing configurations.
Why Use It?
Problems It Solves
Code signing errors are the most common build failure for iOS developers. Certificate expiration causes build failures that block releases. Provisioning profiles must be regenerated when devices or capabilities change. CI environments need signing assets provisioned without the Xcode GUI. Without automation, these tasks require manual intervention that slows down release pipelines and introduces human error.
Core Highlights
Certificate manager creates and tracks distribution and development certificates with expiration alerts. Profile generator creates provisioning profiles with correct certificate and capability bindings. Capability configurator enables and disables app entitlements through the API. CI provisioner installs signing assets in headless build environments.
How to Use It?
Basic Usage
// Signing setup manager
import Foundation
struct SigningManager {
let api: ASCClient
func listCertificates(
type: String
= "IOS_DISTRIBUTION"
) async throws
-> [Certificate] {
let resp =
try await api.get(
path:
"/v1/certificates",
query: [
"filter[certificate"
+ "Type]": type])
return resp.data.map {
Certificate(
id: $0.id,
name: $0.attributes
.name,
expiration: $0
.attributes
.expirationDate,
serialNumber: $0
.attributes
.serialNumber)
}
}
func createProfile(
name: String,
bundleId: String,
certIds: [String],
type: String
= "IOS_APP_STORE"
) async throws -> String {
let resp =
try await api.post(
path: "/v1/profiles",
body: [
"data": [
"type":
"profiles",
"attributes": [
"name": name,
"profileType":
type],
"relationships":
buildRelations(
bundleId:
bundleId,
certIds:
certIds)
]
])
return resp.data.id
}
}
Real-World Examples
#!/bin/bash
set -euo pipefail
KEYCHAIN="build.keychain"
KEYCHAIN_PASS="ci-temp-pass"
security create-keychain \
-p "$KEYCHAIN_PASS" \
"$KEYCHAIN"
security set-keychain-settings \
-lut 3600 "$KEYCHAIN"
security unlock-keychain \
-p "$KEYCHAIN_PASS" \
"$KEYCHAIN"
security import \
"$CERT_PATH" \
-k "$KEYCHAIN" \
-P "$CERT_PASSWORD" \
-T /usr/bin/codesign
security set-key-partition\
-list \
-S apple-tool:,apple: \
-s -k "$KEYCHAIN_PASS" \
"$KEYCHAIN"
PROFILE_DIR="$HOME/Library/\
MobileDevice/\
Provisioning Profiles"
mkdir -p "$PROFILE_DIR"
cp "$PROFILE_PATH" \
"$PROFILE_DIR/"
echo "Signing configured"
Advanced Tips
Set up certificate expiration monitoring that creates new certificates and regenerates profiles before the old ones expire. A 30-day advance warning threshold gives teams sufficient time to rotate assets without disrupting active builds. Use automatic signing in Xcode for development and manual signing for distribution with CI-managed profiles. Store signing assets encrypted in a secrets manager and decrypt only during CI builds. Scope secrets access by environment so staging and production certificates remain isolated from one another.
When to Use It?
Use Cases
Set up code signing in a CI environment with automated certificate and profile installation. Monitor certificate expiration and automatically regenerate before builds fail. Configure app capabilities like push notifications through the API. These patterns apply equally to single-app teams and large organizations managing dozens of bundle identifiers.
Related Topics
Code signing, provisioning profiles, certificates, iOS CI/CD, and App Store Connect API.
Important Notes
Requirements
App Store Connect API key with certificate and profile management permissions. Apple Developer Program membership for distribution certificate creation. macOS environment for keychain operations in CI.
Usage Recommendations
Do: rotate distribution certificates before expiration to avoid build failures. Use separate signing identities for CI and local development. Keep provisioning profiles in sync with capability changes.
Don't: share distribution certificate private keys outside of secure secrets management. Create multiple distribution certificates unnecessarily as Apple limits the total count. Leave temporary CI keychains unlocked after builds complete.
Limitations
Apple limits the number of active distribution certificates per account. Provisioning profile creation requires the associated certificate to be valid. Automatic signing in Xcode may override manually managed profiles during local development. Revoking a certificate invalidates all provisioning profiles associated with it.