19

I have a large number of existing apps in product and I would like to use the existing profiles and certificates in fastlane match.

I understand that fastlane match can only work with the profiles and certificates it has created in the first place, but I am reluctant to "nuke" as suggested.

Is this possible?

I wonder if I manually add to the Git repo in the form that match expects whether that will be enough.

2 Answers 2

28

Starting fastlane 2.128, you can now import certificates

Starting fastlane 2.144, you can now import profiles too

fastlane match import \
    --username [email protected] \
    --git_url https://github.com/your_org/match_repo \
    --app_identifier com.your.app \
    --team_name "Your Team" \
    --type appstore

enter image description here

Thanks to DimitarTachev's PR!

Check out

fastlane match import --help

Output:

[✔] 🚀 

  import

  Usage: fastlane match import

  Imports certificates and profiles into the encrypted repository

  Options:
    -y, --type STRING    Define the profile type, can be appstore, adhoc, development, enterprise, developer_id, mac_installer_distribution (MATCH_TYPE) 
    --additional_cert_types ARRAY Create additional cert types needed for macOS installers (valid values: mac_installer_distribution, developer_id_installer) (MATCH_ADDITIONAL_CERT_TYPES) 
    --readonly [VALUE]   Only fetch existing certificates and profiles, don't generate new ones (MATCH_READONLY) 
    --generate_apple_certs [VALUE] Create a certificate type for Xcode 11 and later (Apple Development or Apple Distribution) (MATCH_GENERATE_APPLE_CERTS) 
    --skip_provisioning_profiles [VALUE] Skip syncing provisioning profiles (MATCH_SKIP_PROVISIONING_PROFILES) 
    -a, --app_identifier ARRAY The bundle identifier(s) of your app (comma-separated string or array of strings) (MATCH_APP_IDENTIFIER) 
    --api_key_path STRING Path to your App Store Connect API Key JSON file (https://docs.fastlane.tools/app-store-connect-api/#using-fastlane-api-key-json-file) (SIGH_API_KEY_PATH) 
    --api_key STRING     Your App Store Connect API Key information (https://docs.fastlane.tools/app-store-connect-api/#use-return-value-and-pass-in-as-an-option) (SIGH_API_KEY) 
    -u, --username STRING Your Apple ID Username (MATCH_USERNAME) 
    -b, --team_id STRING The ID of your Developer Portal team if you're in multiple teams (FASTLANE_TEAM_ID) 
    -l, --team_name STRING The name of your Developer Portal team if you're in multiple teams (FASTLANE_TEAM_NAME) 
    -q, --storage_mode STRING Define where you want to store your certificates (MATCH_STORAGE_MODE) 
    -r, --git_url STRING URL to the git repo containing all the certificates (MATCH_GIT_URL) 
    --git_branch STRING  Specific git branch to use (MATCH_GIT_BRANCH) 
    --git_full_name STRING git user full name to commit (MATCH_GIT_FULL_NAME) 
    --git_user_email STRING git user email to commit (MATCH_GIT_USER_EMAIL) 
    --shallow_clone [VALUE] Make a shallow clone of the repository (truncate the history to 1 revision) (MATCH_SHALLOW_CLONE) 
    --clone_branch_directly [VALUE] Clone just the branch specified, instead of the whole repo. This requires that the branch already exists. Otherwise the command will fail
(MATCH_CLONE_BRANCH_DIRECTLY) 
    --git_basic_authorization STRING Use a basic authorization header to access the git repo (e.g.: access via HTTPS, GitHub Actions, etc), usually a string in Base64 (MATCH_GIT_BASIC_AUTHORIZATION) 
    --git_bearer_authorization STRING Use a bearer authorization header to access the git repo (e.g.: access to an Azure DevOps repository), usually a string in Base64
(MATCH_GIT_BEARER_AUTHORIZATION) 
    --git_private_key STRING Use a private key to access the git repo (e.g.: access to GitHub repository via Deploy keys), usually a id_rsa named file or the contents hereof (MATCH_GIT_PRIVATE_KEY) 
    --google_cloud_bucket_name STRING Name of the Google Cloud Storage bucket to use (MATCH_GOOGLE_CLOUD_BUCKET_NAME) 
    --google_cloud_keys_file STRING Path to the gc_keys.json file (MATCH_GOOGLE_CLOUD_KEYS_FILE) 
    --google_cloud_project_id STRING ID of the Google Cloud project to use for authentication (MATCH_GOOGLE_CLOUD_PROJECT_ID) 
    --s3_region STRING   Name of the S3 region (MATCH_S3_REGION) 
    --s3_access_key STRING S3 access key (MATCH_S3_ACCESS_KEY) 
    --s3_secret_access_key STRING S3 secret access key (MATCH_S3_SECRET_ACCESS_KEY) 
    --s3_bucket STRING   Name of the S3 bucket (MATCH_S3_BUCKET) 
    --s3_object_prefix STRING Prefix to be used on all objects uploaded to S3 (MATCH_S3_OBJECT_PREFIX) 
    -s, --keychain_name STRING Keychain the items should be imported to (MATCH_KEYCHAIN_NAME) 
    -p, --keychain_password STRING This might be required the first time you access certificates on a new mac. For the login/default keychain this is your macOS account password
(MATCH_KEYCHAIN_PASSWORD) 
    --force [VALUE]      Renew the provisioning profiles every time you run match (MATCH_FORCE) 
    --force_for_new_devices [VALUE] Renew the provisioning profiles if the device count on the developer portal has changed. Ignored for profile type 'appstore' (MATCH_FORCE_FOR_NEW_DEVICES) 
    --skip_confirmation [VALUE] Disables confirmation prompts during nuke, answering them with yes (MATCH_SKIP_CONFIRMATION) 
    --skip_docs [VALUE]  Skip generation of a README.md for the created git repository (MATCH_SKIP_DOCS) 
    -o, --platform STRING Set the provisioning profile's platform to work with (i.e. ios, tvos, macos, catalyst) (MATCH_PLATFORM) 
    --derive_catalyst_app_identifier [VALUE] Enable this if you have the Mac Catalyst capability enabled and your project was created with Xcode 11.3 or earlier. Prepends 'maccatalyst.' to the app
identifier for the provisioning profile mapping (MATCH_DERIVE_CATALYST_APP_IDENTIFIER) 
    --template_name STRING The name of provisioning profile template. If the developer account has provisioning profile templates (aka: custom entitlements), the template name can be found by
inspecting the Entitlements drop-down while creating/editing a provisioning profile (e.g. "Apple Pay Pass Suppression Development") (MATCH_PROVISIONING_PROFILE_TEMPLATE_NAME) 
    --profile_name STRING A custom name for the provisioning profile. This will replace the default provisioning profile name if specified (MATCH_PROVISIONING_PROFILE_NAME) 
    --fail_on_name_taken [VALUE] Should the command fail if it was about to create a duplicate of an existing provisioning profile. It can happen due to issues on Apple Developer Portal, when profile
to be recreated was not properly deleted first (MATCH_FAIL_ON_NAME_TAKEN) 
    --skip_certificate_matching [VALUE] Set to true if there is no access to Apple developer portal but there are certificates, keys and profiles provided. Only works with match import action
(MATCH_SKIP_CERTIFICATE_MATCHING) 
    --output_path STRING Path in which to export certificates, key and profile (MATCH_OUTPUT_PATH) 
    -P, --skip_set_partition_list [VALUE] Skips setting the partition list (which can sometimes take a long time). Setting the partition list is usually needed to prevent Xcode from prompting to
allow a cert to be used for signing (MATCH_SKIP_SET_PARTITION_LIST)
4
  • 5
    --type appstore was crucial for me, as it was the distribution certificate I was importing, but kept getting errors saying there was no certificates matching the one I was importing..
    – Paaske
    Nov 27, 2019 at 12:26
  • Thanks @Ted, is there some ticket for importing existing provisions on github.com/fastlane/fastlane/issues?
    – CAMOBAP
    Dec 19, 2019 at 18:30
  • 1
    I've opened a PR for both Provisioning Profiles and Windows support - github.com/fastlane/fastlane/pull/16188 Mar 18, 2020 at 15:01
  • 1
    How did you handle the App Store Connect password? When I run match import with --readonly parameter, it's anyway asking me to Login to App Store Connect. I am not sure why do I need to give my password to Developer account and maybe can use token instead...
    – bodich
    May 28, 2022 at 5:53
8

There is a manual that explains how to manually add profiles and certificates at http://macoscope.com/blog/simplify-your-life-with-fastlane-match/#migration

Edit: Wayback Machine link since the above isn't loading anymore: https://web.archive.org/web/20161124141102/http://macoscope.com/blog/simplify-your-life-with-fastlane-match/

2
  • I'll give this a go and update if I'm successful... Thanks. May 5, 2016 at 21:19
  • @harshayarabarla That tutorial is good. In the end., I ended up using nuke mainly because I understood the process and intent of profiles more and nuke fit well with that. Aug 1, 2016 at 2:32

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Not the answer you're looking for? Browse other questions tagged or ask your own question.