asc-signing-setup
Set up bundle IDs, capabilities, signing certificates, provisioning profiles, and encrypted signing sync with the asc cli. Use when onboarding a new app, rotating signing assets, or sharing them across a team.
How do I install this agent skill?
npx skills add https://github.com/rudrankriyam/app-store-connect-cli-skills --skill asc-signing-setupIs this agent skill safe to install?
- Gen Agent Trust Hubpass
The skill provides a workflow for managing Apple App Store Connect assets using the asc CLI tool. It is a standard administrative tool for iOS/macOS development, and no security issues were identified during analysis.
- Socketpass
No alerts
- Snykpass
Risk: LOW · No issues
- Runlayerpass
1/1 file flagged
- ZeroLeakspass
Score: 93/100 · 2 sections analyzed
What does this agent skill do?
asc signing setup
Use this skill when you need to create or renew signing assets for iOS/macOS apps.
Preconditions
- Auth is configured (
asc auth loginorASC_*env vars). - You know the bundle identifier and target platform.
- You have a CSR file for certificate creation, or you will let
asc certificates create --generate-csrcreate one.
Workflow
- Create or find the bundle ID:
asc bundle-ids list --paginateasc bundle-ids create --identifier "com.example.app" --name "Example" --platform IOS
- Configure bundle ID capabilities:
asc bundle-ids capabilities list --bundle "BUNDLE_ID"asc bundle-ids capabilities add --bundle "BUNDLE_ID" --capability ICLOUD- Add capability settings when required:
--settings '[{"key":"ICLOUD_VERSION","options":[{"key":"XCODE_13","enabled":true}]}]'
- Create a signing certificate:
asc certificates list --certificate-type IOS_DISTRIBUTIONasc certificates create --certificate-type IOS_DISTRIBUTION --csr "./cert.csr"- Or generate a key and CSR inline:
asc certificates create --certificate-type IOS_DISTRIBUTION --generate-csr --key-out "./signing/dist.key" --csr-out "./signing/dist.csr"
- Create a provisioning profile:
asc profiles create --name "AppStore Profile" --profile-type IOS_APP_STORE --bundle "BUNDLE_ID" --certificate "CERT_ID"- Include devices for development/ad-hoc:
asc profiles create --name "Dev Profile" --profile-type IOS_APP_DEVELOPMENT --bundle "BUNDLE_ID" --certificate "CERT_ID" --device "DEVICE_ID"
- Download the profile:
asc profiles download --id "PROFILE_ID" --output "./profiles/AppStore.mobileprovision"
- Inspect and install the downloaded profile locally when needed:
asc profiles inspect --path "./profiles/AppStore.mobileprovision" --output tableasc profiles inspect --path "./profiles/AppStore.mobileprovision" --entitlements --output markdownasc profiles local install --path "./profiles/AppStore.mobileprovision"asc profiles local list --output table
Rotation and cleanup
- Revoke old certificates:
asc certificates revoke --id "CERT_ID" --confirm
- Audit remote provisioning profiles before deleting or rotating:
asc profiles list --profile-state ACTIVE,INVALID --paginate --output json- Apple
profileStateis not a complete expiration signal: some profiles can have a pastexpirationDatewhile still reportingACTIVE. For true expired-profile audits, compareexpirationDateagainst the current date instead of relying only onINVALID.
- Delete old profiles:
asc profiles delete --id "PROFILE_ID" --confirm
- Clean local Xcode provisioning profiles:
asc profiles local clean --expired --dry-runasc profiles local clean --expired --confirm
Shared team storage with asc signing sync
Use this when you want a lightweight, non-interactive alternative to fastlane match for encrypted git-backed certificate/profile storage.
# Push current ASC signing assets into an encrypted git repo
asc signing sync push \
--bundle-id "com.example.app" \
--profile-type IOS_APP_STORE \
--repo "git@github.com:team/certs.git" \
--password "$MATCH_PASSWORD"
# Pull and decrypt them into a local directory
asc signing sync pull \
--repo "git@github.com:team/certs.git" \
--password "$MATCH_PASSWORD" \
--output-dir "./signing"
Notes:
--passwordfalls back toASC_MATCH_PASSWORD.- The encrypted repo follows a familiar match-style git layout for certs and profiles.
pullwrites files to disk; keychain import or profile installation is a separate step.
Notes
- Always check
--helpfor the exact enum values (certificate types, profile types). - Use
--paginatefor large accounts. --certificateaccepts comma-separated IDs when multiple certificates are required.- Device management uses
asc devicescommands (UDID required). asc profiles inspectandasc profiles local ...operate on local disk state, not App Store Connect API resources.
How can the creator link this skill?
Add the canonical catalog link to the repository README so users can inspect current installs and available audits. The publishing guide covers the complete discovery path.
<a href="https://skillzs.dev/skills/rudrankriyam/app-store-connect-cli-skills/asc-signing-setup">View asc-signing-setup on skillZs</a>