How do I manage iOS signing keys and provisioning profiles with GitLab runners?

Modified on Sun, 30 Jul 2023 at 03:43 PM

Managing iOS signing keys and provisioning profiles with GitLab runners can be achieved through various approaches, depending on your specific requirements and security considerations. Here's a general guide to help you get started:

Securely Store Signing Keys and Profiles: It's crucial to securely store your iOS signing keys and provisioning profiles to prevent unauthorized access. Avoid committing them to your Git repository. Instead, use GitLab's CI/CD variables or CI/CD environment variables to securely store sensitive information.

Create CI/CD Variables: In your GitLab project, navigate to Settings > CI/CD > Variables. Add the following variables:

FASTLANE_USER: Your Apple ID used for code signing.
FASTLANE_PASSWORD: An App-Specific Password generated from your Apple ID account.
MATCH_PASSWORD: The password used to encrypt your signing certificates and profiles (if using fastlane match).

Note: Make sure to enable "Mask variable" for each of these variables to hide their values in the pipeline logs.

Use Fastlane: Fastlane is a popular tool for automating iOS app deployments. It simplifies managing code signing, certificates, and provisioning profiles. You can define Fastlane lanes in your .gitlab-ci.yml file to handle iOS signing tasks.

Install Dependencies: In your .gitlab-ci.yml, include a before_script section to install necessary dependencies, including Fastlane.


Copy code


  - gem install fastlane

Define Fastlane Lanes: In your .gitlab-ci.yml, define custom Fastlane lanes for different stages of your pipeline. For example:

  - build
  - test
  - deploy

  stage: build
    - fastlane build

  stage: test
    - fastlane test

  stage: deploy
    - fastlane deploy
    - master

Fastlane Configuration: In your Fastfile, set up code signing actions using the GitLab CI/CD variables.

lane :build do
  # ... Other build steps ...
    export_method: "development",
    output_directory: "build",
    export_options: {
      provisioningProfiles: {

lane :test do
  # ... Other test steps ...
    skip_build: true,
    destination: "platform=iOS Simulator,OS=15.0,name=iPhone 13"

lane :deploy do
  # ... Other deployment steps ...
  match(type: "appstore")
  # ... Other deployment steps ...

Use fastlane match (Optional): If you have multiple GitLab runners or need to share signing certificates and profiles among team members, you can use fastlane's match to manage code signing identities in a secure repository.

Remember, the security of your iOS signing keys and profiles is critical. Take appropriate measures to protect them and follow best practices for managing sensitive information in your CI/CD pipelines. Additionally, consider automating the provisioning profile generation process using services like fastlane match to simplify the workflow and ensure consistency across your projects.

Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select atleast one of the reasons

Feedback sent

We appreciate your effort and will try to fix the article