Signing Manager

Local Signing of iOS Apps, macOS Apps, and Packages with Remotely Secured Identities

60-Day Trial Get a Quote
Abstract Shapes

Secure Your Signing Identities

Signing Manager for macOS provides an ideal system for securing code and package signing identities. Implement secure access to the identities with API keys, access controls, and auditing. Gain full control over iOS, macOS, watchOS, and iPadOS signing operations without disrupting the current workflow. Signing Manager works great for developers, CI/CD servers, or for any size team that releases software on Apple hardware.

See It in Action


Signing Manager Features

macOS

  • Sign apps and packages without direct access to private keys
  • Sign iOS, iPadOS, tvOS, macOS apps
  • Local signing with native Apple tools
  • Limit signing operations based on API key
  • Signing Service on Linux or macOS
  • Full auditing of all signing operations
  • Easy updating of expired certificates
  • Command line interface for CI/CD servers

Web App

  • Host identities
  • Manage Users
  • Manage API Keys
  • Manage User roles
  • Auditing and Logging of Signing Operations
  • Deploy on macOS, Linux, or Cloud (AWS, others)
  • SAML and OpenID Support (Coming Soon!)

Secure

All the private keys associated with code signing or package signing certificates are not exposed to the process doing the signing. Only approved requests are allowed to perform signing operations, and an audit log is kept of all signing operations.

Easy To Use

The Signing Manager app just requires an API key and a URL. Once those values are configured, certificates are available for signing operations. The certificates are automatically added to the keychain and are shown in the Signing Manager. Apple signing tools request the certificate based on a fingerprint or name of the certificate, and Signing Manager handles the rest.

Use Built-in Signing Tools

Sign apps and packages using the built-in signing tools: codesign, xcodebuild, xcodearchive, productsign and more. All signing operations are transparent to the existing toolchain. All operations for configuring Signing Manager, discovering certificates, and signing binaries can be done on the command line, so it makes for an ideal solution for Developers using Xcode, Release Managers, or CI/CD Servers.


Deploy In-House or in the Cloud

Quickly deploy the web app to your data center or your cloud infrastructure. Since the identities are secured in the Signing Manager service, clients never have direct access to the private keys. All communication is over secure TLS and all management is done via an easy-to-use web interface.

Manage Access with Ease

The Signing Manager Service gives you control over who has access to signing operations against specific identities. Manage user access, API keys, and available identities with ease. Since certificates and private keys are not installed on developer or build servers, updating an expired certificate is easy. When the certificate expires, the certificates and keys are updated on the Signing Service and all operations continue.

System Requirements

Client

  • macOS 10.15 Catalina or later

Server

  • macOS or Linux system capable of running Ruby on Rails.
  • Certificate and private keys for signing macOS, iOS, watchOS, and iPadOS code and packages.

Resources

Twocanoes Knowledge Base

Other Resources

Signing Manager Videos

Signing Manager News & Tips


Knowledgebase

How to Deploy Signing Service To AWS

 January 5, 2022
Install eb-cli Follow these instructions to install AWS eb-cli. https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/eb-cli3-install.html Clone the Repository Clone this repository and cd to its directory in Terminal. Add elasticbeanstalk…
Read More
Knowledgebase

Wrapping Private Keys for Google HSM from macOS Keychain

 December 15, 2021
We are integrating Hardware Security Module (HSM) support for our Signing Service! Importing existing developer identities is important; Signing Service is a secure service for…
Read More