Swift Tricks

My own, mostly internal blog of Swift tips and tricks

Using fastlane match with existing certificates without revoking them


Getting fastlane match up and running with existing certificates is not the most straightforward process. Fortunately, there is a great tutorial here.

In summary you’ll need to use irb ruby shell to manually add the files. Here’s the short version in commands (read the tutorial, the official docs, and the ruby gem docs for more info).

IMPORTANT! For multiple teams you need to store them on separate branches so in this case exchange master with whatever branch you want.


1. Export the appropriate cert and p12 files from your Keychain (by selecting Certificates and choosing the correct one(s)). Don’t add a password!

2. Download all required provisioning profiles from the Apple Developer Portal.

3. List all certificates for reference to find out certificate ids (you’ll need them for file names)

require 'spaceship'
Spaceship.certificate.all.each do |cert| 
  cert_type = Spaceship::Portal::Certificate::CERTIFICATE_TYPE_IDS[cert.type_display_id].to_s.split("::")[-1]
  puts "Cert id: #{cert.id}, name: #{cert.name}, expires: #{cert.expires.strftime("%Y-%m-%d")}, type: #{cert_type}"

4. Prepare the git repo

require 'match'
git_url = 'git@gitlab.com:your/ios-certs-repo.git'
shallow_clone = false
manual_password = 'Your encryption password'
workspace = Match::GitHelper.clone(git_url, shallow_clone, manual_password: manual_password)

5. Now open up the folder (found under /var/folders/....., see the log under clone command) and add all the certificates in the proper folder structure. You’ll have /certs/development/*, /certs/profiles/*, and /certs/enterprise/* for the certificates and each needs to be named according to its certificate id (see step 3 above).

6. Add provisioning profiles by placing them in /profiles/appstore/AppStore_com.bundle.id.mobileprovision, /profiles/development/Development_com.bundle.id.mobileprovision, and /profiles/inhouse/InHouse_com.bundle.id.mobileprovision appropriately. Files must be named as mentioned here, with proper bundle id and prefix.

7. Commit the changes

Match::GitHelper.commit_changes(workspace, "Add certificate, private key and provisioning profiles", git_url, "your_branch")