Asc Signing Setup

Name: Asc Signing Setup
Author: rudrankriyam

rudrankriyam/app-store-connect-cli-skills

Create bundle IDs, certificates, provisioning profiles, and encrypted team sync for iOS or macOS using the asc CLI.

Overview

asc signing setup is an agent skill for the Ship phase that configures App Store Connect bundle IDs, capabilities, certificates, and provisioning profiles via the asc CLI.

Install

npx skills add https://github.com/rudrankriyam/app-store-connect-cli-skills --skill asc-signing-setup

What is this skill?

Numbered workflow: bundle ID, capabilities, certificates, provisioning profiles
Supports IOS_DISTRIBUTION certificates with CSR upload or inline --generate-csr
Bundle capability configuration including ICLOUD with JSON settings examples
Encrypted signing sync for sharing assets across a small team
Preconditions checklist: asc auth, bundle identifier, platform, and CSR readiness
4-step numbered workflow in SKILL.md

Compatible agents: Claude Code, Cursor, Codex, any compatible agent

Adoption & trust: 2.2k installs on skills.sh; 845 GitHub stars; 3/3 security scanners passed (skills.sh audits).

What problem does it solve?

You need Apple signing assets for a new or renewed iOS/macOS app but the portal and Xcode steps are easy to get wrong or hard to repeat on CI.

Who is it for?

Solo or tiny teams shipping native Apple apps who already use or want to automate rudrankriyam’s asc CLI for signing lifecycle.

Skip if: Android-only or pure web products, or teams forbidden from storing signing keys in shared sync without your own security review.

When should I use this skill?

Onboarding a new iOS/macOS app, rotating signing assets, or sharing them across a team with asc.

What do I get? / Deliverables

You complete asc-driven bundle ID, capability, certificate, and profile setup—including optional encrypted sync—so Xcode or CI can sign release builds consistently.

Bundle ID with configured capabilities
Distribution certificate and keys
Provisioning profiles and encrypted sync setup

Recommended Skills

Vercel React Native Skillsvercel-labs/agent-skills

Agent-oriented React Native performance playbook spanning core rendering, list optimization, and incremental tuning for …137k installs·27.7k stars

Firebase Basicsfirebase/agent-skills

Firebase-basics is an agent skill that walks solo builders through standing up Firebase for an Android application using…76.3k installs·345 stars

Building Native Uiexpo/skills

building-native-ui is an Expo-oriented agent skill that steers solo builders toward React Native Reanimated v4 for anima…46.9k installs·2k stars

Firebase Ai Logic Basicsfirebase/agent-skills

firebase-ai-logic-basics is a Firebase agent skill for solo builders shipping Flutter apps who want Google Gemini throug…39.7k installs·345 stars

Native Data Fetchingexpo/skills

Native Data Fetching is an Expo agent skill that governs how solo builders implement and troubleshoot every network requ…37.2k installs·2k stars

Firebase Firestorefirebase/agent-skills

Firebase-firestore is a narrow Firebase agent skill for solo builders shipping Android apps in Kotlin who need Cloud Fir…37k installs·345 stars

Journey fit

Primary fit

Signing assets are release infrastructure you finalize before TestFlight or App Store submission, which maps to Ship launch prep rather than ideation or growth analytics. Launch subphase covers distribution-ready signing—not day-to-day feature work in Build frontend or post-release Operate monitoring.

How it compares

CLI-first signing runbook for asc—not a generic Fastlane tutorial or manual-only Xcode UI walkthrough.

Common Questions / FAQ

Who is asc-signing-setup for?

Indie iOS/macOS builders and small teams onboarding App Store distribution or rotating certificates who want repeatable asc commands in the agent.

When should I use asc-signing-setup?

Use when onboarding a new app to App Store Connect, renewing IOS_DISTRIBUTION certificates, adding bundle capabilities like ICLOUD, or setting up encrypted signing sync for collaborators.

Is asc-signing-setup safe to install?

It guides creation of certificates and keys—high sensitivity; review the Security Audits panel on this page, protect CSRs and private keys, and never commit secrets to git.

SKILL.md

READMESKILL.md - Asc Signing Setup

# asc signing setup

Use this skill when you need to create or renew signing assets for iOS/macOS apps.

## Preconditions
- Auth is configured (`asc auth login` or `ASC_*` env vars).
- You know the bundle identifier and target platform.
- You have a CSR file for certificate creation, or you will let `asc certificates create --generate-csr` create one.

## Workflow
1. Create or find the bundle ID:
   - `asc bundle-ids list --paginate`
   - `asc bundle-ids create --identifier "com.example.app" --name "Example" --platform IOS`
2. Configure bundle ID capabilities:
   - `asc bundle-ids capabilities list --bundle "BUNDLE_ID"`
   - `asc bundle-ids capabilities add --bundle "BUNDLE_ID" --capability ICLOUD`
   - Add capability settings when required:
     - `--settings '[{"key":"ICLOUD_VERSION","options":[{"key":"XCODE_13","enabled":true}]}]'`
3. Create a signing certificate:
   - `asc certificates list --certificate-type IOS_DISTRIBUTION`
   - `asc certificates create --certificate-type IOS_DISTRIBUTION --csr "./cert.csr"`
   - Or generate a key and CSR inline:
     - `asc certificates create --certificate-type IOS_DISTRIBUTION --generate-csr --key-out "./signing/dist.key" --csr-out "./signing/dist.csr"`
4. Create a provisioning profile:
   - `asc profiles create --name "AppStore Profile" --profile-type IOS_APP_STORE --bundle "BUNDLE_ID" --certificate "CERT_ID"`
   - Include devices for development/ad-hoc:
     - `asc profiles create --name "Dev Profile" --profile-type IOS_APP_DEVELOPMENT --bundle "BUNDLE_ID" --certificate "CERT_ID" --device "DEVICE_ID"`
5. Download the profile:
   - `asc profiles download --id "PROFILE_ID" --output "./profiles/AppStore.mobileprovision"`
6. Inspect and install the downloaded profile locally when needed:
   - `asc profiles inspect --path "./profiles/AppStore.mobileprovision" --output table`
   - `asc profiles inspect --path "./profiles/AppStore.mobileprovision" --entitlements --output markdown`
   - `asc profiles local install --path "./profiles/AppStore.mobileprovision"`
   - `asc profiles local list --output table`

## Rotation and cleanup
- Revoke old certificates:
  - `asc certificates revoke --id "CERT_ID" --confirm`
- Audit remote provisioning profiles before deleting or rotating:
  - `asc profiles list --profile-state ACTIVE,INVALID --paginate --output json`
  - Apple `profileState` is not a complete expiration signal: some profiles can have a past `expirationDate` while still reporting `ACTIVE`. For true expired-profile audits, compare `expirationDate` against the current date instead of relying only on `INVALID`.
- Delete old profiles:
  - `asc profiles delete --id "PROFILE_ID" --confirm`
- Clean local Xcode provisioning profiles:
  - `asc profiles local clean --expired --dry-run`
  - `asc profiles local clean --expired --confirm`

## Shared team storage with `asc signing sync`
Use this when you want a lightweight, non-interactive alternative to fastlane match for encrypted git-backed certificate/profile storage.

```bash
# Push current ASC signing assets into an encrypted git repo
asc signing sync push \
  --bundle-id "com.example.app" \
  --profile-type IOS_APP_STORE \
  --repo "git@github.com:team/certs.git" \
  --password "$MATCH_PASSWORD"

# Pull and decrypt them into a local directory
asc signing sync pull \
  --repo "git@github.com:team/certs.git" \
  --password "$MATCH_PASSWORD" \
  --output-dir "./signing"
```

Notes:
- `--password` falls back to `ASC_MATCH_PASSWORD`.
- The encrypted repo follows a familiar match-style git layout for certs and profiles.
- `pull` writes files to disk; keychain import or profile installation is a separate step.

## Notes
- Always check `--help` for the exact enum values (certificate types, profile type

What is this skill?

Numbered workflow: bundle ID, capabilities, certificates, provisioning profiles

Supports IOS_DISTRIBUTION certificates with CSR upload or inline --generate-csr

Bundle capability configuration including ICLOUD with JSON settings examples

Encrypted signing sync for sharing assets across a small team

Preconditions checklist: asc auth, bundle identifier, platform, and CSR readiness

4-step numbered workflow in SKILL.md

Compatible agents: Claude Code, Cursor, Codex, any compatible agent

Adoption & trust: 2.2k installs on skills.sh; 845 GitHub stars; 3/3 security scanners passed (skills.sh audits).

Journey fit

Primary fit

SKILL.md

READMESKILL.md - Asc Signing Setup

# asc signing setup

Use this skill when you need to create or renew signing assets for iOS/macOS apps.

## Preconditions
- Auth is configured (`asc auth login` or `ASC_*` env vars).
- You know the bundle identifier and target platform.
- You have a CSR file for certificate creation, or you will let `asc certificates create --generate-csr` create one.

## Workflow
1. Create or find the bundle ID:
   - `asc bundle-ids list --paginate`
   - `asc bundle-ids create --identifier "com.example.app" --name "Example" --platform IOS`
2. Configure bundle ID capabilities:
   - `asc bundle-ids capabilities list --bundle "BUNDLE_ID"`
   - `asc bundle-ids capabilities add --bundle "BUNDLE_ID" --capability ICLOUD`
   - Add capability settings when required:
     - `--settings '[{"key":"ICLOUD_VERSION","options":[{"key":"XCODE_13","enabled":true}]}]'`
3. Create a signing certificate:
   - `asc certificates list --certificate-type IOS_DISTRIBUTION`
   - `asc certificates create --certificate-type IOS_DISTRIBUTION --csr "./cert.csr"`
   - Or generate a key and CSR inline:
     - `asc certificates create --certificate-type IOS_DISTRIBUTION --generate-csr --key-out "./signing/dist.key" --csr-out "./signing/dist.csr"`
4. Create a provisioning profile:
   - `asc profiles create --name "AppStore Profile" --profile-type IOS_APP_STORE --bundle "BUNDLE_ID" --certificate "CERT_ID"`
   - Include devices for development/ad-hoc:
     - `asc profiles create --name "Dev Profile" --profile-type IOS_APP_DEVELOPMENT --bundle "BUNDLE_ID" --certificate "CERT_ID" --device "DEVICE_ID"`
5. Download the profile:
   - `asc profiles download --id "PROFILE_ID" --output "./profiles/AppStore.mobileprovision"`
6. Inspect and install the downloaded profile locally when needed:
   - `asc profiles inspect --path "./profiles/AppStore.mobileprovision" --output table`
   - `asc profiles inspect --path "./profiles/AppStore.mobileprovision" --entitlements --output markdown`
   - `asc profiles local install --path "./profiles/AppStore.mobileprovision"`
   - `asc profiles local list --output table`

## Rotation and cleanup
- Revoke old certificates:
  - `asc certificates revoke --id "CERT_ID" --confirm`
- Audit remote provisioning profiles before deleting or rotating:
  - `asc profiles list --profile-state ACTIVE,INVALID --paginate --output json`
  - Apple `profileState` is not a complete expiration signal: some profiles can have a past `expirationDate` while still reporting `ACTIVE`. For true expired-profile audits, compare `expirationDate` against the current date instead of relying only on `INVALID`.
- Delete old profiles:
  - `asc profiles delete --id "PROFILE_ID" --confirm`
- Clean local Xcode provisioning profiles:
  - `asc profiles local clean --expired --dry-run`
  - `asc profiles local clean --expired --confirm`

## Shared team storage with `asc signing sync`
Use this when you want a lightweight, non-interactive alternative to fastlane match for encrypted git-backed certificate/profile storage.

```bash
# Push current ASC signing assets into an encrypted git repo
asc signing sync push \
  --bundle-id "com.example.app" \
  --profile-type IOS_APP_STORE \
  --repo "git@github.com:team/certs.git" \
  --password "$MATCH_PASSWORD"

# Pull and decrypt them into a local directory
asc signing sync pull \
  --repo "git@github.com:team/certs.git" \
  --password "$MATCH_PASSWORD" \
  --output-dir "./signing"
```

Notes:
- `--password` falls back to `ASC_MATCH_PASSWORD`.
- The encrypted repo follows a familiar match-style git layout for certs and profiles.
- `pull` writes files to disk; keychain import or profile installation is a separate step.

## Notes
- Always check `--help` for the exact enum values (certificate types, profile type

Overview

Install

What is this skill?

What problem does it solve?

Who is it for?

When should I use this skill?

What do I get? / Deliverables

Recommended Skills

Journey fit

Who is asc-signing-setup for?

When should I use asc-signing-setup?

Is asc-signing-setup safe to install?

SKILL.md

This week for builders

Overview

Install

What is this skill?

What problem does it solve?

Who is it for?

When should I use this skill?

What do I get? / Deliverables

Recommended Skills

Journey fit

Who is asc-signing-setup for?

When should I use asc-signing-setup?

Is asc-signing-setup safe to install?

SKILL.md