Configuring environment variables

Provisioning profiles and code signing certificates are obtained from Apple Developer portal with the command app-store-connect fetch-signing-files. App Store Connect API key information can be passed to it via environment variables APP_STORE_CONNECT_KEY_IDENTIFIER, APP_STORE_CONNECT_ISSUER_ID, APP_STORE_CONNECT_PRIVATE_KEY.

The Apple Developer Portal integration can be enabled in Teams > Personal Account > Integrations for personal projects and in Teams > Your Team Name > Team integrations for projects shared in the team (if you’re a team admin). This allows you to conveniently use the same access credentials for automatic code signing and publishing across different apps and workflows.

  1. In the list of available integrations, click the Connect button for Developer Portal.
  2. In the App Store Connect API key name, provide a name for the key you are going to set up the integration with. This is for identifying the key in Codemagic.
  3. Enter the Issuer ID related to your Apple Developer account. You can find it above the table of active keys on the Integrations tab of the Users and Access page.
  4. Enter the Key ID of the key to be used for code signing.
  5. In the API key field, upload the private API key downloaded from App Store Connect.
  6. Click Save to finish the setup.

If you work with multiple Apple Developer teams, you can add additional keys by clicking Add another key right after adding the first key and repeating the steps described above. You can delete existing keys or add new ones when you click Manage keys next to the Developer Portal integration in user or team settings.

Integration will take care of the App Store Connect API authentication part, but additionally the certificate private key has to be exported too. For this additional environment variable CERTIFICATE_PRIVATE_KEY has to be defined.

  1. Open your Codemagic app settings, and go to the Environment variables tab.
  2. Enter CERTIFICATE_PRIVATE_KEY as the Variable name.
  3. Open the file ios_distribution_private_key with a text editor and copy the entire contents of the file, including the -----BEGIN RSA PRIVATE KEY----- and -----END RSA PRIVATE KEY----- tags. Alternatively, you can run the following command on the file:
cat ios_distribution_private_key | pbcopy
  1. Paste into the Variable value field.
  2. Enter a variable group name, e.g. code-signing. Click the button to create the group.
  3. Make sure the Secure option is selected so that the variable can be protected by encryption.
  4. Click the Add button to add the variable.

In your workflow you can now simply use the following to ensure that all variables are readily available during build:

workflows:
  ios-workflow:
    environment:
        groups:
            - code-signing
    integrations:
        app_store_connect: <App Store Connect API key name>

This will expose necessary environment variables during the build.

  1. Open your Codemagic app settings, and go to the Environment variables tab.
  2. Enter CERTIFICATE_PRIVATE_KEY as the Variable name.
  3. Open the file ios_distribution_private_key with a text editor and copy the entire contents of the file, including the -----BEGIN RSA PRIVATE KEY----- and -----END RSA PRIVATE KEY----- tags. Alternatively, you can run the following command on the file:
cat ios_distribution_private_key | pbcopy
  1. Paste into the Variable value field.
  2. Enter a variable group name, e.g. appstore_credentials. Click the button to create the group.
  3. Make sure the Secure option is selected so that the variable can be protected by encryption.
  4. Click the Add button to add the variable.
  1. Run the following command on the App Store Connect API key file that you downloaded earlier (in our example saved as codemagic_api_key.p8) to copy its content to clipboard:
cat codemagic_api_key.p8 | pbcopy
  1. Create a new Environment variable APP_STORE_CONNECT_PRIVATE_KEY and paste the value from clipboard.
  1. Create variable APP_STORE_CONNECT_KEY_IDENTIFIER. The value is the Key ID field from App Store Connect > Users and Access > Keys.
  2. Create variable APP_STORE_CONNECT_ISSUER_ID. The value is the Issuer ID field from App Store Connect > Users and Access > Keys.
Tip: Store all the of these variables in the same group so they can be imported to codemagic.yaml workflow at once.

Environment variables have to be added to the workflow either individually or as a group. Modify your codemagic.yaml file by adding the following:

workflows:
  ios-workflow:
    name: iOS Workflow
    # ....
    environment:
        groups:
            - appstore_credentials