Create new iOS code signing certificates (via cert)

Why?UsageHow does it work?Tips

cert is part of fastlane: The easiest way to automate beta deployments and releases for your iOS and Android apps.


In the gif we used cert && sigh, which will first create an iOS code signing certificate and then a provisioning profile for your app if cert succeeded.


Note: It is recommended to use match according to the for generating and maintaining your certificates. Use cert directly only if you want full control over what's going on and know more about codesigning.

fastlane cert

This will check if any of the available signing certificates is installed on your local machine.

Only if a new certificate needs to be created, cert will

  • Create a new private key
  • Create a new signing request
  • Generate, downloads and installs the certificate
  • Import all the generated files into your Keychain

cert will never revoke your existing certificates. If you can't create any more certificates, cert will raise an exception, which means, you have to revoke one of the existing certificates to make room for a new one.

You can pass your Apple ID:

fastlane cert -u

For a list of available commands run

fastlane action cert

Keep in mind, there is no way for cert to download existing certificates + private keys from the Apple Developer Portal, as the private key never leaves your computer.

Environment Variables

Run fastlane action cert to get a list of all available environment variables.

Use with sigh

cert becomes really interesting when used in fastlane in combination with sigh.

Update your Fastfile to contain the following code:

lane :beta do
  sigh(force: true)

force: true will make sure to re-generate the provisioning profile on each run. This will result in sigh always using the correct signing certificate, which is installed on the local machine.

How is my password stored?

cert uses the password manager from fastlane. Take a look the CredentialsManager README for more information.


Use 'ProvisionQL' for advanced Quick Look in Finder

Install ProvisionQL.

It will show you mobileprovision files like this: img/actions/QuickLookScreenshot-Provision.png

Supported platforms ios
Author @KrauseFx

3 Examples

cert # alias for "get_certificates"
  development: true,
  username: ""


Key Description Default
development Create a development certificate instead of a distribution one false
type Create specific certificate type (takes precedence over :development)
force Create a certificate even if an existing certificate exists false
generate_apple_certs Create a certificate type for Xcode 11 and later (Apple Development or Apple Distribution) *
api_key_path Path to your App Store Connect API Key JSON file (
api_key Your App Store Connect API Key information (
username Your Apple ID Username *
team_id The ID of your Developer Portal team if you're in multiple teams *
team_name The name of your Developer Portal team if you're in multiple teams *
filename The filename of certificate to store
output_path The path to a directory in which all certificates and private keys should be stored .
keychain_path Path to a custom keychain *
keychain_password This might be required the first time you access certificates on a new mac. For the login/default keychain this is your macOS account password
skip_set_partition_list Skips setting the partition list (which can sometimes take a long time). Setting the partition list is usually needed to prevent Xcode from prompting to allow a cert to be used for signing false
platform Set the provisioning profile's platform (ios, macos, tvos) ios

* = default value is dependent on the user's system

Lane Variables

Actions can communicate with each other using a shared hash lane_context, that can be accessed in other actions, plugins or your lanes: lane_context[SharedValues:XYZ]. The get_certificates action generates the following Lane Variables:

SharedValue Description
SharedValues::CERT_FILE_PATH The path to the certificate
SharedValues::CERT_CERTIFICATE_ID The id of the certificate

To get more information check the Lanes documentation.


To show the documentation in your terminal, run

fastlane action get_certificates


It is recommended to add the above action into your Fastfile, however sometimes you might want to run one-offs. To do so, you can run the following command from your terminal

fastlane run get_certificates

To pass parameters, make use of the : symbol, for example

fastlane run get_certificates parameter1:"value1" parameter2:"value2"

It's important to note that the CLI supports primitive types like integers, floats, booleans, and strings. Arrays can be passed as a comma delimited string (e.g. param:"1,2,3"). Hashes are not currently supported.

It is recommended to add all fastlane actions you use to your Fastfile.

Source code

This action, just like the rest of fastlane, is fully open source, view the source code on GitHub

Back to actions