Skip to main content

Protecting your code signing files

Abstract

You can set your code signing files to Protected mode: this means they cannot be downloaded from your bitrise.io account. Your builds will be able to use these protected files but no one will be able to reveal them and there is no way to overwrite them: you can only delete the files and upload new ones instead.

You can set your code signing files to Protected mode: this means they cannot be downloaded from your bitrise.io account. Your builds will be able to use these protected files but no one will be able to reveal them and there is no way to overwrite them: you can only delete the files and upload new ones instead.

  1. Open your app on Bitrise.

  2. Click the Workflows button on the main page.

    opening-workflow-editor.png
  3. On the Workflows & Pipelines pages, you can:

    • Click the Edit bitrise.yml button to get to the bitrise.yml tab of the Workflow Editor.

    • Click the edit-webhook.svg button next to the name of any Workflow to open it in the Workflow Editor.

  4. Go to the Code Signing & Files tab.

  5. Locate the file you wish to make protected and open the dropdown menu.

    Make code signing files protected
  6. Select the Make protected option.

    A pop-up window will warn you that this change is irreversible once you confirm it. You do not need to separately save your changes.

Once you are done, your only option in the file’s dropdown menu will be Delete.