iOS code signing

Last updated at 2021-09-08

To run a build of your iOS app on Bitrise, you will need to provide code signing files in some way. The code signing of iOS projects requires:

You can store your code signing files and create a signed .ipa file for your iOS project (either native or cross-platform), or a signed .app or .pkg file for your MacOS project on You can manually upload all the required files (provisoning profiles and .p12 certificate files) or you can use automatic provisioning to automatically generate and manage provisioning profiles from a connected Apple Developer account. We’ll show you how to use either option!

Manual versus automatic provisioning

To avoid confusion, do not mix manual and automatic provisioning Steps when you are setting up your project for the first time. With manual provisioning, you are uploading your certificates and provisioning profiles to Bitrise and then they are inserted in the virtual machine by a Step. With automatic provisioning, you are downloading your certificates and provisioning profiles directly from your Apple account.

We also support using Xcode’s Automatically manage signing option, with both manual and automatic provisioning.

iOS code signing procedure

The basic workflow of code signing is pretty straightforward:

  1. Collect the required files with our codesigndoc tool.
  2. Upload your code signing files to You can upload the files using codesigndoc or manually on the website. For provisioning profiles, you can use:
  3. Use the Xcode Archive & Export for iOS or the Xamarin Archive Step to create a signed .ipa:

iOS code signing with third party tools

You can use third party tools to manage code signing on Bitrise, such as fastlane match or fastlane sigh. However, we recommend using our own steps and tools.

Third party guide for code signing

If you decide to use a third party tool for code signing management, please consult the tool’s documentation and issue tracker, we only provide customer support for our own Step (Certificate and profile installer) and tools (codesigndoc)!

Even if you use a third party tool to manage your code signing files, and you don’t plan to upload any code signing file to, you should keep the Certificate and profile installer Step in your Workflow. This is because certain tools were not designed to work in an ephemeral environment, or in a full clean macOS install, and the Certificate and profile installer Step includes common workarounds for this situation. It’s not guaranteed that it will help with the tool of your choice, but it won’t cause any issue either.