skillZs
LIVE SKILL TAGS
>>> LIVE SKILLS INDEX <<<
* OPEN SOURCE *
NO LOGIN, NO TRACKING
REAL INSTALL DATA
← back to all skills
rudrankriyam/app-store-connect-cli-skills2.3k installs

asc-signing-setup

Set up bundle IDs, capabilities, signing certificates, provisioning profiles, and encrypted signing sync with the asc cli. Use when onboarding a new app, rotating signing assets, or sharing them across a team.

How do I install this agent skill?

npx skills add https://github.com/rudrankriyam/app-store-connect-cli-skills --skill asc-signing-setup
view source ↗

Is this agent skill safe to install?

  • Gen Agent Trust Hubpass

    The skill provides a workflow for managing Apple App Store Connect assets using the asc CLI tool. It is a standard administrative tool for iOS/macOS development, and no security issues were identified during analysis.

  • Socketpass

    No alerts

  • Snykpass

    Risk: LOW · No issues

  • Runlayerpass

    1/1 file flagged

  • ZeroLeakspass

    Score: 93/100 · 2 sections analyzed

What does this agent skill do?

asc signing setup

Use this skill when you need to create or renew signing assets for iOS/macOS apps.

Preconditions

  • Auth is configured (asc auth login or ASC_* env vars).
  • You know the bundle identifier and target platform.
  • You have a CSR file for certificate creation, or you will let asc certificates create --generate-csr create one.

Workflow

  1. Create or find the bundle ID:
    • asc bundle-ids list --paginate
    • asc bundle-ids create --identifier "com.example.app" --name "Example" --platform IOS
  2. Configure bundle ID capabilities:
    • asc bundle-ids capabilities list --bundle "BUNDLE_ID"
    • asc bundle-ids capabilities add --bundle "BUNDLE_ID" --capability ICLOUD
    • Add capability settings when required:
      • --settings '[{"key":"ICLOUD_VERSION","options":[{"key":"XCODE_13","enabled":true}]}]'
  3. Create a signing certificate:
    • asc certificates list --certificate-type IOS_DISTRIBUTION
    • asc certificates create --certificate-type IOS_DISTRIBUTION --csr "./cert.csr"
    • Or generate a key and CSR inline:
      • asc certificates create --certificate-type IOS_DISTRIBUTION --generate-csr --key-out "./signing/dist.key" --csr-out "./signing/dist.csr"
  4. Create a provisioning profile:
    • asc profiles create --name "AppStore Profile" --profile-type IOS_APP_STORE --bundle "BUNDLE_ID" --certificate "CERT_ID"
    • Include devices for development/ad-hoc:
      • asc profiles create --name "Dev Profile" --profile-type IOS_APP_DEVELOPMENT --bundle "BUNDLE_ID" --certificate "CERT_ID" --device "DEVICE_ID"
  5. Download the profile:
    • asc profiles download --id "PROFILE_ID" --output "./profiles/AppStore.mobileprovision"
  6. Inspect and install the downloaded profile locally when needed:
    • asc profiles inspect --path "./profiles/AppStore.mobileprovision" --output table
    • asc profiles inspect --path "./profiles/AppStore.mobileprovision" --entitlements --output markdown
    • asc profiles local install --path "./profiles/AppStore.mobileprovision"
    • asc profiles local list --output table

Rotation and cleanup

  • Revoke old certificates:
    • asc certificates revoke --id "CERT_ID" --confirm
  • Audit remote provisioning profiles before deleting or rotating:
    • asc profiles list --profile-state ACTIVE,INVALID --paginate --output json
    • Apple profileState is not a complete expiration signal: some profiles can have a past expirationDate while still reporting ACTIVE. For true expired-profile audits, compare expirationDate against the current date instead of relying only on INVALID.
  • Delete old profiles:
    • asc profiles delete --id "PROFILE_ID" --confirm
  • Clean local Xcode provisioning profiles:
    • asc profiles local clean --expired --dry-run
    • asc profiles local clean --expired --confirm

Shared team storage with asc signing sync

Use this when you want a lightweight, non-interactive alternative to fastlane match for encrypted git-backed certificate/profile storage.

# Push current ASC signing assets into an encrypted git repo
asc signing sync push \
  --bundle-id "com.example.app" \
  --profile-type IOS_APP_STORE \
  --repo "git@github.com:team/certs.git" \
  --password "$MATCH_PASSWORD"

# Pull and decrypt them into a local directory
asc signing sync pull \
  --repo "git@github.com:team/certs.git" \
  --password "$MATCH_PASSWORD" \
  --output-dir "./signing"

Notes:

  • --password falls back to ASC_MATCH_PASSWORD.
  • The encrypted repo follows a familiar match-style git layout for certs and profiles.
  • pull writes files to disk; keychain import or profile installation is a separate step.

Notes

  • Always check --help for the exact enum values (certificate types, profile types).
  • Use --paginate for large accounts.
  • --certificate accepts comma-separated IDs when multiple certificates are required.
  • Device management uses asc devices commands (UDID required).
  • asc profiles inspect and asc profiles local ... operate on local disk state, not App Store Connect API resources.

Add the canonical catalog link to the repository README so users can inspect current installs and available audits. The publishing guide covers the complete discovery path.

<a href="https://skillzs.dev/skills/rudrankriyam/app-store-connect-cli-skills/asc-signing-setup">View asc-signing-setup on skillZs</a>