How do I manually add existing provisioning profiles and certificates to fastlane match?
Starting fastlane 2.128, you can now import certificates
Starting fastlane 2.144, you can now import profiles too
fastlane match import \
--username [email protected] \
--git_url https://github.com/your_org/match_repo \
--app_identifier com.your.app \
--team_name "Your Team" \
--type appstore
Thanks to DimitarTachev's PR!
Check out
fastlane match import --help
Output:
[✔]
import
Usage: fastlane match import
Imports certificates and profiles into the encrypted repository
Options:
-y, --type STRING Define the profile type, can be appstore, adhoc, development, enterprise, developer_id, mac_installer_distribution (MATCH_TYPE)
--additional_cert_types ARRAY Create additional cert types needed for macOS installers (valid values: mac_installer_distribution, developer_id_installer) (MATCH_ADDITIONAL_CERT_TYPES)
--readonly [VALUE] Only fetch existing certificates and profiles, don't generate new ones (MATCH_READONLY)
--generate_apple_certs [VALUE] Create a certificate type for Xcode 11 and later (Apple Development or Apple Distribution) (MATCH_GENERATE_APPLE_CERTS)
--skip_provisioning_profiles [VALUE] Skip syncing provisioning profiles (MATCH_SKIP_PROVISIONING_PROFILES)
-a, --app_identifier ARRAY The bundle identifier(s) of your app (comma-separated string or array of strings) (MATCH_APP_IDENTIFIER)
--api_key_path STRING Path to your App Store Connect API Key JSON file (https://docs.fastlane.tools/app-store-connect-api/#using-fastlane-api-key-json-file) (SIGH_API_KEY_PATH)
--api_key STRING Your App Store Connect API Key information (https://docs.fastlane.tools/app-store-connect-api/#use-return-value-and-pass-in-as-an-option) (SIGH_API_KEY)
-u, --username STRING Your Apple ID Username (MATCH_USERNAME)
-b, --team_id STRING The ID of your Developer Portal team if you're in multiple teams (FASTLANE_TEAM_ID)
-l, --team_name STRING The name of your Developer Portal team if you're in multiple teams (FASTLANE_TEAM_NAME)
-q, --storage_mode STRING Define where you want to store your certificates (MATCH_STORAGE_MODE)
-r, --git_url STRING URL to the git repo containing all the certificates (MATCH_GIT_URL)
--git_branch STRING Specific git branch to use (MATCH_GIT_BRANCH)
--git_full_name STRING git user full name to commit (MATCH_GIT_FULL_NAME)
--git_user_email STRING git user email to commit (MATCH_GIT_USER_EMAIL)
--shallow_clone [VALUE] Make a shallow clone of the repository (truncate the history to 1 revision) (MATCH_SHALLOW_CLONE)
--clone_branch_directly [VALUE] Clone just the branch specified, instead of the whole repo. This requires that the branch already exists. Otherwise the command will fail
(MATCH_CLONE_BRANCH_DIRECTLY)
--git_basic_authorization STRING Use a basic authorization header to access the git repo (e.g.: access via HTTPS, GitHub Actions, etc), usually a string in Base64 (MATCH_GIT_BASIC_AUTHORIZATION)
--git_bearer_authorization STRING Use a bearer authorization header to access the git repo (e.g.: access to an Azure DevOps repository), usually a string in Base64
(MATCH_GIT_BEARER_AUTHORIZATION)
--git_private_key STRING Use a private key to access the git repo (e.g.: access to GitHub repository via Deploy keys), usually a id_rsa named file or the contents hereof (MATCH_GIT_PRIVATE_KEY)
--google_cloud_bucket_name STRING Name of the Google Cloud Storage bucket to use (MATCH_GOOGLE_CLOUD_BUCKET_NAME)
--google_cloud_keys_file STRING Path to the gc_keys.json file (MATCH_GOOGLE_CLOUD_KEYS_FILE)
--google_cloud_project_id STRING ID of the Google Cloud project to use for authentication (MATCH_GOOGLE_CLOUD_PROJECT_ID)
--s3_region STRING Name of the S3 region (MATCH_S3_REGION)
--s3_access_key STRING S3 access key (MATCH_S3_ACCESS_KEY)
--s3_secret_access_key STRING S3 secret access key (MATCH_S3_SECRET_ACCESS_KEY)
--s3_bucket STRING Name of the S3 bucket (MATCH_S3_BUCKET)
--s3_object_prefix STRING Prefix to be used on all objects uploaded to S3 (MATCH_S3_OBJECT_PREFIX)
-s, --keychain_name STRING Keychain the items should be imported to (MATCH_KEYCHAIN_NAME)
-p, --keychain_password STRING This might be required the first time you access certificates on a new mac. For the login/default keychain this is your macOS account password
(MATCH_KEYCHAIN_PASSWORD)
--force [VALUE] Renew the provisioning profiles every time you run match (MATCH_FORCE)
--force_for_new_devices [VALUE] Renew the provisioning profiles if the device count on the developer portal has changed. Ignored for profile type 'appstore' (MATCH_FORCE_FOR_NEW_DEVICES)
--skip_confirmation [VALUE] Disables confirmation prompts during nuke, answering them with yes (MATCH_SKIP_CONFIRMATION)
--skip_docs [VALUE] Skip generation of a README.md for the created git repository (MATCH_SKIP_DOCS)
-o, --platform STRING Set the provisioning profile's platform to work with (i.e. ios, tvos, macos, catalyst) (MATCH_PLATFORM)
--derive_catalyst_app_identifier [VALUE] Enable this if you have the Mac Catalyst capability enabled and your project was created with Xcode 11.3 or earlier. Prepends 'maccatalyst.' to the app
identifier for the provisioning profile mapping (MATCH_DERIVE_CATALYST_APP_IDENTIFIER)
--template_name STRING The name of provisioning profile template. If the developer account has provisioning profile templates (aka: custom entitlements), the template name can be found by
inspecting the Entitlements drop-down while creating/editing a provisioning profile (e.g. "Apple Pay Pass Suppression Development") (MATCH_PROVISIONING_PROFILE_TEMPLATE_NAME)
--profile_name STRING A custom name for the provisioning profile. This will replace the default provisioning profile name if specified (MATCH_PROVISIONING_PROFILE_NAME)
--fail_on_name_taken [VALUE] Should the command fail if it was about to create a duplicate of an existing provisioning profile. It can happen due to issues on Apple Developer Portal, when profile
to be recreated was not properly deleted first (MATCH_FAIL_ON_NAME_TAKEN)
--skip_certificate_matching [VALUE] Set to true if there is no access to Apple developer portal but there are certificates, keys and profiles provided. Only works with match import action
(MATCH_SKIP_CERTIFICATE_MATCHING)
--output_path STRING Path in which to export certificates, key and profile (MATCH_OUTPUT_PATH)
-P, --skip_set_partition_list [VALUE] Skips setting the partition list (which can sometimes take a long time). Setting the partition list is usually needed to prevent Xcode from prompting to
allow a cert to be used for signing (MATCH_SKIP_SET_PARTITION_LIST)
There is a manual that explains how to manually add profiles and certificates at http://macoscope.com/blog/simplify-your-life-with-fastlane-match/#migration