Create new iOS code signing certificates (via cert)
Why? • Usage • How does it work? • Tips
cert is part of fastlane: The easiest way to automate beta deployments and releases for your iOS and Android apps.
In the gif we used
cert && sigh, which will first create an iOS code signing certificate and then a provisioning profile for your app if cert succeeded.
Note: It is recommended to use match according to the codesigning.guide for generating and maintaining your certificates. Use cert directly only if you want full control over what's going on and know more about codesigning.
This will check if any of the available signing certificates is installed on your local machine.
Only if a new certificate needs to be created, cert will
- Create a new private key
- Create a new signing request
- Generate, downloads and installs the certificate
- Import all the generated files into your Keychain
cert will never revoke your existing certificates. If you can't create any more certificates, cert will raise an exception, which means, you have to revoke one of the existing certificates to make room for a new one.
You can pass your Apple ID:
fastlane cert -u email@example.com
For a list of available commands run
fastlane action cert
Keep in mind, there is no way for cert to download existing certificates + private keys from the Apple Developer Portal, as the private key never leaves your computer.
fastlane action cert to get a list of all available environment variables.
Use with sigh
cert becomes really interesting when used in fastlane in combination with sigh.
Fastfile to contain the following code:
lane :beta do cert sigh(force: true) end
force: true will make sure to re-generate the provisioning profile on each run.
This will result in sigh always using the correct signing certificate, which is installed on the local machine.
How is my password stored?
cert uses the password manager from fastlane. Take a look the CredentialsManager README for more information.
Use 'ProvisionQL' for advanced Quick Look in Finder
It will show you
mobileprovision files like this:
cert # alias for "get_certificates"
get_certificates( development: true, username: "firstname.lastname@example.org" )
||Create a development certificate instead of a distribution one||
||Create specific certificate type (takes precedence over :development)|
||Create a certificate even if an existing certificate exists||
||Create a certificate type for Xcode 11 and later (Apple Development or Apple Distribution)||*|
||Path to your App Store Connect API Key JSON file (https://docs.fastlane.tools/app-store-connect-api/#using-fastlane-api-key-json-file)|
||Your App Store Connect API Key information (https://docs.fastlane.tools/app-store-connect-api/#using-fastlane-api-key-hash-option)|
||Your Apple ID Username||*|
||The ID of your Developer Portal team if you're in multiple teams||*|
||The name of your Developer Portal team if you're in multiple teams||*|
||The filename of certificate to store|
||The path to a directory in which all certificates and private keys should be stored||
||Path to a custom keychain||*|
||This might be required the first time you access certificates on a new mac. For the login/default keychain this is your macOS account password|
||Skips setting the partition list (which can sometimes take a long time). Setting the partition list is usually needed to prevent Xcode from prompting to allow a cert to be used for signing||
||Set the provisioning profile's platform (ios, macos, tvos)||
* = default value is dependent on the user's system
Actions can communicate with each other using a shared hash
lane_context, that can be accessed in other actions, plugins or your lanes:
get_certificates action generates the following Lane Variables:
||The path to the certificate|
||The id of the certificate|
To get more information check the Lanes documentation.
To show the documentation in your terminal, run
fastlane action get_certificates
It is recommended to add the above action into your
Fastfile, however sometimes you might want to run one-offs. To do so, you can run the following command from your terminal
fastlane run get_certificates
To pass parameters, make use of the
: symbol, for example
fastlane run get_certificates parameter1:"value1" parameter2:"value2"
It's important to note that the CLI supports primitive types like integers, floats, booleans, and strings. Arrays can be passed as a comma delimited string (e.g.
param:"1,2,3"). Hashes are not currently supported.
It is recommended to add all fastlane actions you use to your
This action, just like the rest of fastlane, is fully open source, view the source code on GitHub