Do I need a CSR file to create certificates?

Yes, a CSR is required for certificate creation (IOS_DISTRIBUTION or similar types).

Can I specify multiple certificates at once?

Yes, the --certificate option accepts comma-separated IDs when multiple certificates are required.

How do I revoke and clean up old assets?

Use asc certificates revoke with --id and asc profiles delete with --id --confirm to rotate signing assets safely.

asc-signing-setup

Scanned

npx machina-cli add skill rudrankriyam/app-store-connect-cli-skills/asc-signing-setup --openclaw

Files (1)

SKILL.md

2.1 KB

asc signing setup

Use this skill when you need to create or renew signing assets for iOS/macOS apps.

Preconditions

Auth is configured (asc auth login or ASC_* env vars).
You know the bundle identifier and target platform.
You have a CSR file for certificate creation.

Workflow

Create or find the bundle ID:
- asc bundle-ids list --paginate
- asc bundle-ids create --identifier "com.example.app" --name "Example" --platform IOS
Configure bundle ID capabilities:
- asc bundle-ids capabilities list --bundle "BUNDLE_ID"
- asc bundle-ids capabilities add --bundle "BUNDLE_ID" --capability ICLOUD
- Add capability settings when required:
  - --settings '[{"key":"ICLOUD_VERSION","options":[{"key":"XCODE_13","enabled":true}]}]'
Create a signing certificate:
- asc certificates list --certificate-type IOS_DISTRIBUTION
- asc certificates create --certificate-type IOS_DISTRIBUTION --csr "./cert.csr"
Create a provisioning profile:
- asc profiles create --name "AppStore Profile" --profile-type IOS_APP_STORE --bundle "BUNDLE_ID" --certificate "CERT_ID"
- Include devices for development/ad-hoc:
  - asc profiles create --name "Dev Profile" --profile-type IOS_APP_DEVELOPMENT --bundle "BUNDLE_ID" --certificate "CERT_ID" --device "DEVICE_ID"
Download the profile:
- asc profiles download --id "PROFILE_ID" --output "./profiles/AppStore.mobileprovision"

Rotation and cleanup

Revoke old certificates:
- asc certificates revoke --id "CERT_ID" --confirm
Delete old profiles:
- asc profiles delete --id "PROFILE_ID" --confirm

Notes

Always check --help for the exact enum values (certificate types, profile types).
Use --paginate for large accounts.
--certificate accepts comma-separated IDs when multiple certificates are required.
Device management uses asc devices commands (UDID required).

Source

git clone https://github.com/rudrankriyam/app-store-connect-cli-skills/blob/main/skills/asc-signing-setup/SKILL.mdView on GitHub

Overview

This skill guides you through creating and renewing signing assets for iOS/macOS apps using the asc CLI. It covers bundle IDs, capabilities, signing certificates, provisioning profiles, and the download step, making onboarding and asset rotation straightforward.

How This Skill Works

After configuring auth, you execute a sequence of asc commands to establish a bundle ID, assign capabilities, create a distribution certificate using a CSR, create a provisioning profile, and download the final profile. Typical flow uses commands like asc bundle-ids list/create, asc bundle-ids capabilities, asc certificates create, asc profiles create, and asc profiles download. For maintenance, revoke old certificates and delete outdated profiles as part of rotation.

When to Use It

Onboarding a brand-new iOS/macOS app and setting up its signing assets
Rotating signing certificates and provisioning profiles to maintain security
Updating bundle ID capabilities or platform settings and propagating changes to signing assets
Migrating signing assets for a team or transferring to a new developer account
Creating development or Ad Hoc profiles with specific devices for testing

Quick Start

Step 1: Authenticate (asc auth login or ASC_* env vars), then gather your bundle ID and CSR file
Step 2: Create/find bundle ID, add necessary capabilities, create the distribution certificate with the CSR, then create the App Store provisioning profile and download it
Step 3: Validate the downloaded profile and perform cleanup (revoke old certs, delete old profiles) as needed

Best Practices

Authenticate with asc (asc auth login or ASC_* env vars) before starting
Know the exact bundle identifier and target platform to avoid mismatches
Use --paginate for large accounts and consult --help for valid enum values
Keep records of certificate, profile, and bundle IDs (IDs help with future rotations)
Test signing by downloading the profile and attempting a local build before submission

Example Use Cases

Onboard a new App Store app: create bundle ID, enable iCloud capability if needed, create a distribution certificate with a CSR, create an App Store provisioning profile, and download the profile
Rotate signing assets: revoke the old distribution certificate, generate a new CSR, create a new distribution certificate, update and download the App Store profile
Create a development profile with a specific device UDID for testing
Migrate signing to a new team: authenticate with ASC, re-create signing assets for the new account, and download the final profile
Verify signing readiness: download the profile and confirm it matches the intended bundle and certificate IDs before submitting a build

Frequently Asked Questions

Add this skill to your agents