# macOS code signing

> How to set up macOS code signing in the Flutter workflow editor



Code signing is required by Apple for integrating app services, installing your macOS app on another machine or uploading it to distribute it through the Mac App Store or outside of Mac App Store. It enables to identify who developed the app and ensure that all the changes to the app come from you or your team.

To create an application package that can be published to Mac App Store on Codemagic, you need to set up code signing.



> 
> **Note:** This guide only applies to workflows configured with the **Flutter workflow editor**. If your workflow is configured with **codemagic.yaml** please go to [Signing macOS apps using codemagic.yaml](../code-signing-yaml/signing-macos).
> 



## Prerequisites

Before you can start signing or distributing your app, there are a few things you need.

* [Apple Developer Program](https://developer.apple.com/programs/enroll/) membership
* An [app ID](https://developer.apple.com/account/resources/identifiers/bundleId/add/) for your macOS app in the Apple Developer portal
* **signing certificates** (`Personal Information Exchange, .p12`)
* A **provisioning profile** (`.provisionprofile`)

The signing certificates — development or distribution — help to identify who built the code.

A provisioning profile — development or distribution — contains information about the app ID, the devices on which the app can be installed and the certificates that can be used for signing the app. Note that if your app contains app extensions, you need an additional provisioning profile for each app extension.



> 
> **Note:** With **automatic code signing**, Codemagic will create both the certificate and the provisioning profile for you on your behalf without requiring a Mac.
> 
> With **manual code signing**, you need to upload the signing files manually.
> 



Signing an application with a development certificate and profile requires the UUID of the machine which builds the application to be present in the profile. Therefore, using a development certificate is not possible on Codemagic since the build machine won't be listed in the used profile.

Distribution is possible to Mac App Store (using `Mac App Distribution` and `Mac Installer Distribution` certificates and `Mac App Store` profile) and outside of Mac App Store (using `Developer ID Application` certificate and `Developer ID` profile). 

**Note**: Currently, Codemagic only supports code signing the app for publishing to the Mac App Store.

## Automatic code signing

Codemagic makes automatic code signing possible by connecting to [App Store Connect via its API](https://developer.apple.com/app-store-connect/api/) for creating and managing your code signing certificates and provisioning profiles. It is possible to set up several code signing identities and use different code signing settings per workflow.

The following sections describe how to set up automatic code signing for builds configured in the UI. If you're building with `codemagic.yaml`, please refer [here](../code-signing-yaml/signing-macos).

Note that Apple Developer Portal has a limitation of maximum of 2 macOS distribution certificates per team. This means that if you already have 2 `Mac Installer Distribution` certificates, Codemagic won't be able to create new ones. Using existing certificates won't be possible because the private key required to install them is only stored on your machine.

You may revoke an existing certificate to allow Codemagic to create a new one using a Codemagic team-specific private key which is only stored on Codemagic. Alternatively, you can use [manual code signing](#manual-code-signing-to-publish-to-mac-app-store).

### Step 1. Creating an App Store API key for Codemagic

%!s(<nil>)The Apple Developer Portal integration can be enabled in the **Team integrations** section in your team settings (if you're a team admin). This allows you to conveniently use the same access credentials for automatic code signing and publishing across different apps and workflows.

1. In the list of available integrations, click the **Connect** button for **Developer Portal**.
2. In the **App Store Connect API key name**, provide a name for the key you are going to set up the integration with. This is for identifying the key in Codemagic.
3. Enter the **Issuer ID** related to your Apple Developer account. You can find it above the table of active keys on the Integrations tab of the [Users and Access](https://appstoreconnect.apple.com/access/integrations/api) page.
4. Enter the **Key ID** of the key to be used for code signing.
5. In the **API key** field, upload the private API key downloaded from App Store Connect.
6. Click **Save** to finish the setup.

If you work with multiple Apple Developer teams, you can add additional keys by clicking **Add another key** right after adding the first key and repeating the steps described above. You can delete existing keys or add new ones when you click **Manage keys** next to the Developer Portal integration in personal account or team settings.


### Step 3. Enabling automatic code signing for workflow

Once the Apple Developer Portal has been enabled for the account or team the app belongs to, you can easily enable automatic code signing per workflow.

1. Go to **App settings > Distribution > macOS code signing**.
2. Select **Automatic** as the code signing method. If you haven't enabled the Apple Developer Portal integration yet, you will be asked to enable it before you can continue configuration.
3. If you have several keys available, select the right key in the **App Store Connect API key** field.
4. Mark the checkbox **Project type setting > is Mac Catalyst** if you need a Mac Catalyst profile.
7. Select your app's **bundle identifier**. Codemagic lists all the bundle IDs available for the selected App Store Connect API key. If you can't see your app's bundle identifier listed, create one in [Apple Developer Portal](https://developer.apple.com/account/resources/identifiers/add/bundleId).

As the next step, you can [configure publishing to App Store Connect](../publishing/publishing-to-app-store) to submit the app to App Store Connect and distribute it via Mac App Store.

## Manual code signing

With the manual code signing method, you are required to upload the `Mac App Distribution` and `Mac Installer Distribution` certificates and the `Mac App Store` profile. You can also upload additional profiles if required.
>See how to [export certificates and provisioning profiles](#exporting-certificates-and-provisioning-profiles).

### Setting up manual code signing

1. Go to **App settings > Distribution > iOS code signing**.
2. Select **Manual** as the code signing method.
3. Upload your `Mac App Distribution` signing certificate (in `.p12` format). If your certificate is password-protected, enter the **Certificate password**.
3. Upload your `Mac Installer Distribution` signing certificate (in `.p12` format). If your certificate is password-protected, enter the **Certificate password**.
4. Upload your provisioning profile (`.provisionprofile`). Note that if your app contains app extensions, you are required to upload an additional provisioning profile for each extension.

{{< figure size="medium" src="../uploads/manual_code_signing_macos.png" caption="Manual macOS code signing setup