# Code signing for macOS - quick start version



#### Creating the App Store Connect API key
Signing macOS applications requires [Apple Developer Program](https://developer.apple.com/programs/enroll/) membership.

It is recommended to create a dedicated App Store Connect API key for Codemagic in [App Store Connect](https://appstoreconnect.apple.com/access/integrations/api). To do so:

1. Log in to App Store Connect and navigate to **Users and Access > Integrations > App Store Connect API**.
2. Click on the + sign to generate a new API key.
3. Enter the name for the key and select an access level. We recommend choosing `App Manager` access rights. Read more about Apple Developer Program role permissions [here](https://help.apple.com/app-store-connect/#/deve5f9a89d7).
4. Click **Generate**.
5. As soon as the key is generated, you can see it added to the list of active keys. Click **Download API Key** to save the private key for later. Note that the key can only be downloaded once.



> Take note of the **Issuer ID** above the table of active keys, as well as the **Key ID** of the generated key, as these will be required when setting up the Apple Developer Portal integration in the Codemagic UI.
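
What the three values are for, as an added example (not Codemagic's or Apple's code): App Store Connect API clients authenticate with a short-lived ES256 JWT built from the Issuer ID, the Key ID and the downloaded private key. The key pair and IDs below are constructed placeholders, and `buildToken`, `verifyToken` and `makeSample` are hypothetical helper names.

```javascript
// Added example: builds the ES256 JWT that App Store Connect API clients send.
const crypto = require("node:crypto");

const b64url = (s) => Buffer.from(s).toString("base64url");

// Build a short-lived token from the Issuer ID, Key ID and the .p8 contents.
function buildToken({ issuerId, keyId, privateKeyPem, now, ttl = 600 }) {
  // Apple does not accept tokens that live longer than 20 minutes.
  if (!(ttl > 0 && ttl <= 1200)) throw new Error("ttl must be 1..1200 seconds");
  const key = crypto.createPrivateKey(privateKeyPem);
  // The downloaded key is EC P-256; fail early on anything else.
  const curve = key.asymmetricKeyDetails && key.asymmetricKeyDetails.namedCurve;
  if (key.asymmetricKeyType !== "ec" || curve !== "prime256v1") {
    throw new Error("expected an EC P-256 private key");
  }
  const iat = now === undefined ? Math.floor(Date.now() / 1000) : now;
  const header = { alg: "ES256", kid: keyId, typ: "JWT" };
  const claims = { iss: issuerId, iat, exp: iat + ttl, aud: "appstoreconnect-v1" };
  const input = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(claims))}`;
  // JWS uses the raw 64-byte r||s signature, not the DER form.
  const sig = crypto.sign("sha256", Buffer.from(input), { key, dsaEncoding: "ieee-p1363" });
  return `${input}.${sig.toString("base64url")}`;
}

// Verify a token with the public half of the key; returns null if it fails.
function verifyToken(token, publicKey) {
  const [h, c, s] = token.split(".");
  const ok = crypto.verify("sha256", Buffer.from(`${h}.${c}`),
    { key: publicKey, dsaEncoding: "ieee-p1363" }, Buffer.from(s || "", "base64url"));
  if (!ok) return null;
  const decode = (part) => JSON.parse(Buffer.from(part, "base64url").toString("utf8"));
  return { header: decode(h), claims: decode(c) };
}

// Constructed sample: a throwaway key pair and placeholder IDs, not real credentials.
function makeSample(namedCurve = "prime256v1") {
  const { privateKey, publicKey } = crypto.generateKeyPairSync("ec", { namedCurve });
  return {
    issuerId: "00000000-0000-0000-0000-000000000000",
    keyId: "EXAMPLEKEY",
    privateKeyPem: privateKey.export({ type: "pkcs8", format: "pem" }),
    publicKey,
  };
}

const sample = makeSample();
const token = buildToken({ ...sample, now: 1700000000 });
console.log(verifyToken(token, sample.publicKey));
```

Because the private key alone is enough to mint valid tokens for the key's access level, it belongs in a secret store rather than in the repository.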




### Automatic vs Manual code signing

Signing macOS apps requires a `Signing certificate` (App Store **development** or **distribution** certificate in `.p12` format) and a `Provisioning profile`. In **Manual code signing** you save these files as Codemagic `Environment variables` and manually reference them in the appropriate build steps.

In **Automatic code signing**, Codemagic takes care of Certificate and Provisioning profile management for you. Based on the `certificate private key` that you provide, Codemagic will automatically fetch the correct certificate from the App Store or create a new one if necessary.

#### Certificate types
There are several certificate types you can choose to sign your macOS app, depending on the distribution method you plan to use.

- `MAC_APP_DEVELOPMENT` certificate allows you to build your app for internal testing and debugging.
- `MAC_APP_DISTRIBUTION` certificate is used to sign a Mac app before submitting it to the Mac App Store.
- `MAC_INSTALLER_DISTRIBUTION` is used to sign and submit a Mac Installer Package to the Mac App Store.
- `DEVELOPER_ID_APPLICATION` is used to sign a Mac app before distributing it outside the Mac App Store.
- `DEVELOPER_ID_INSTALLER` is used to sign a Mac Installer Package before distributing it outside the Mac App Store.

For example, to publish to the Mac App Store, the application must be signed with a `Mac App Distribution` certificate using a `Mac App Store` provisioning profile. If you want to create a `.pkg` Installer package, you must use a `Mac Installer Distribution` certificate.

#### Obtaining the certificate private key

To enable Codemagic to automatically fetch or create the correct signing certificate on your behalf, you need to provide the corresponding `certificate private key`. You then have to save that key as a Codemagic environment variable.






### Option: Create a new key
