asc-signing-setup
rudrankriyam/app-store-connect-cli-skills
How to install asc-signing-setup
npx skills add https://github.com/rudrankriyam/app-store-connect-cli-skills --skill asc-signing-setupFull instructions (SKILL.md)
Source of truth, from rudrankriyam/app-store-connect-cli-skills.
name: asc-signing-setup description: Set up bundle IDs, capabilities, signing certificates, provisioning profiles, and encrypted signing sync with the asc cli. Use when onboarding a new app, rotating signing assets, or sharing them across a team.
asc signing setup
Use this skill when you need to create or renew signing assets for iOS/macOS apps.
Preconditions
- Auth is configured (
asc auth loginorASC_*env vars). - You know the bundle identifier and target platform.
- You have a CSR file for certificate creation, or you will let
asc certificates create --generate-csrcreate one.
Workflow
- Create or find the bundle ID:
asc bundle-ids list --paginateasc bundle-ids create --identifier "com.example.app" --name "Example" --platform IOS
- Configure bundle ID capabilities:
asc bundle-ids capabilities list --bundle "BUNDLE_ID"asc bundle-ids capabilities add --bundle "BUNDLE_ID" --capability ICLOUD- Add capability settings when required:
--settings '[{"key":"ICLOUD_VERSION","options":[{"key":"XCODE_13","enabled":true}]}]'
- Create a signing certificate:
asc certificates list --certificate-type IOS_DISTRIBUTIONasc certificates create --certificate-type IOS_DISTRIBUTION --csr "./cert.csr"- Or generate a key and CSR inline:
asc certificates create --certificate-type IOS_DISTRIBUTION --generate-csr --key-out "./signing/dist.key" --csr-out "./signing/dist.csr"
- Create a provisioning profile:
asc profiles create --name "AppStore Profile" --profile-type IOS_APP_STORE --bundle "BUNDLE_ID" --certificate "CERT_ID"- Include devices for development/ad-hoc:
asc profiles create --name "Dev Profile" --profile-type IOS_APP_DEVELOPMENT --bundle "BUNDLE_ID" --certificate "CERT_ID" --device "DEVICE_ID"
- Download the profile:
asc profiles download --id "PROFILE_ID" --output "./profiles/AppStore.mobileprovision"
- Inspect and install the downloaded profile locally when needed:
asc profiles inspect --path "./profiles/AppStore.mobileprovision" --output tableasc profiles inspect --path "./profiles/AppStore.mobileprovision" --entitlements --output markdownasc profiles local install --path "./profiles/AppStore.mobileprovision"asc profiles local list --output table
Rotation and cleanup
- Revoke old certificates:
asc certificates revoke --id "CERT_ID" --confirm
- Audit remote provisioning profiles before deleting or rotating:
asc profiles list --profile-state ACTIVE,INVALID --paginate --output json- Apple
profileStateis not a complete expiration signal: some profiles can have a pastexpirationDatewhile still reportingACTIVE. For true expired-profile audits, compareexpirationDateagainst the current date instead of relying only onINVALID.
- Delete old profiles:
asc profiles delete --id "PROFILE_ID" --confirm
- Clean local Xcode provisioning profiles:
asc profiles local clean --expired --dry-runasc profiles local clean --expired --confirm
Shared team storage with asc signing sync
Use this when you want a lightweight, non-interactive alternative to fastlane match for encrypted git-backed certificate/profile storage.
# Push current ASC signing assets into an encrypted git repo
asc signing sync push \
--bundle-id "com.example.app" \
--profile-type IOS_APP_STORE \
--repo "git@github.com:team/certs.git" \
--password "$MATCH_PASSWORD"
# Pull and decrypt them into a local directory
asc signing sync pull \
--repo "git@github.com:team/certs.git" \
--password "$MATCH_PASSWORD" \
--output-dir "./signing"
Notes:
--passwordfalls back toASC_MATCH_PASSWORD.- The encrypted repo follows a familiar match-style git layout for certs and profiles.
pullwrites files to disk; keychain import or profile installation is a separate step.
Notes
- Always check
--helpfor the exact enum values (certificate types, profile types). - Use
--paginatefor large accounts. --certificateaccepts comma-separated IDs when multiple certificates are required.- Device management uses
asc devicescommands (UDID required). asc profiles inspectandasc profiles local ...operate on local disk state, not App Store Connect API resources.
Related skills
More from rudrankriyam/app-store-connect-cli-skills and the wider catalog.
asc-cli-usage
Guidance for using asc cli in this repo (flags, output formats, pagination, auth, and discovery). Use when asked to run or design asc commands or interact with App Store Connect via the CLI.
asc-release-flow
Determine whether an app is ready to submit, then drive the current App Store release flow with asc, including validation, staging, review submission, first-time availability, subscriptions, IAP, Game Center, and App Privacy checks.
asc-xcode-build
Build, archive, export, upload, and manage Xcode version/build numbers with the current asc xcode helpers before App Store Connect upload or submission. Use when creating an IPA or PKG for upload.
asc-submission-health
Validate App Store submission readiness, submit prepared versions, and monitor review status with current asc commands. Use when shipping or troubleshooting review submissions.
asc-metadata-sync
Sync, validate, and apply App Store metadata with the current asc canonical metadata workflow. Use when updating metadata, localizations, keywords, or migrating legacy fastlane metadata.
asc-testflight-orchestration
Orchestrate TestFlight distribution, groups, testers, and What to Test notes using asc. Use when rolling out betas.