Use coupon code BLACKFRIDAY2021 to save

Signing Manager

Local Signing of iOS Apps, macOS Apps, and Packages with Remotely Secured Identities

60-Day Trial Get a Quote

Secure Your Signing Identities

Signing Manager for macOS provides an ideal system for securing code and package signing identities. Implement secure access to the identities with API keys, access controls, and auditing. Gain full control over iOS, macOS, watchOS, and iPadOS signing operations without disrupting the current workflow. Signing Manager works great for developers, CI/CD servers, or for any size team that releases software on Apple hardware.

See It In Action



  • Sign apps and packages without direct access to private keys
  • Sign iOS, iPadOS, tvOS, macOS apps
  • Local signing with native Apple tools
  • Limit signing operations based on API key
  • Signing Service on Linux or macOS
  • Full auditing of all signing operations
  • Easy updating of expired certificates
  • Command line interface for CI/CD servers

Web App

  • Host identities
  • Manage Users
  • Manage API Keys
  • Manage User roles
  • Auditing and Logging of Signing Operations
  • Deploy on macOS, Linux, or Cloud (AWS, others)
  • SAML and OpenID Support (Coming Soon!)


All the private keys associated with code signing or package signing certificates are not exposed to the process doing the signing. Only approved requests are allowed to perform signing operations, and an audit log is kept of all signing operations.

Easy To Use

The Signing Manager app just requires an API key and a URL. Once those values are configured, certificates are available for signing operations. The certificates are automatically added to the keychain and are shown in the Signing Manager. Apple signing tools request the certificate based on a fingerprint or name of the certificate, and Signing Manager handles the rest.

Use Built-in Signing Tools

Sign apps and packages using the built-in signing tools: codesign, xcodebuild, xcodearchive, productsign and more. All signing operations are transparent to the existing toolchain. All operations for configuring Signing Manager, discovering certificates, and signing binaries can be done on the command line, so it makes for an ideal solution for Developers using Xcode, Release Managers, or CI/CD Servers.

Deploy In-House or in the Cloud

Quickly deploy the web app to your data center or your cloud infrastructure. Since the identities are secured in the Signing Manager service, clients never have direct access to the private keys. All communication is over secure TLS and all management is done via an easy-to-use web interface.

Manage Access with Ease

The Signing Manager Service gives you control over who has access to signing operations against specific identities. Manage user access, API keys, and available identities with ease. Since certificates and private keys are not installed on developer or build servers, updating an expired certificate is easy. When the certificate expires, the certificates and keys are updated on the Signing Service and all operations continue.

System Requirements


  • macOS 10.15 Catalina or later


  • macOS or Linux system capable of running Ruby on Rails.
  • Certificate and private keys for signing macOS, iOS, watchOS, and iPadOS code and packages.

Signing Manager News & Tips

Customizing Signing Manager for a Web API

Created OnMay 11, 2021Last Updated OnMay 11, 2021byFederico Hernandez NaterOverview Signing Manager uses a script located in ~/Library/Application Scripts/com.twocanoes.signing-manager.tcstoken to discover and sign binaries. The binary is named “token” and requires the following options: Operations -s: perform signing operation. Requires -i, -a, -f and optionally -t. Returns a base64-encoded string of binary signature. -x: List…


Signing Manager Administrator Guide

Created OnMay 7, 2021Last Updated OnOctober 11, 2021byFederico Hernandez NaterCurrent Version 1.3 Overview Signing Manager is comprised of two components: Signing Manager App and Signing Manager Service. Signing Manager App is a macOS application for code signing and package signing using remote identities. It includes a CryptoTokenKit extension for presenting X.509 certificates to the macOS…