Signing & TestFlight

MacOps manages your iOS signing for you. You provide an App Store Connect API key; MacOps creates and holds your distribution certificate, signs inside an isolated VM, and uploads to TestFlight.

1. Add an App Store Connect API key

1. In App Store Connect → Users and Access → Integrations, create a key with the App Manager role.
2. Note the Issuer ID and Key ID, and download the .p8 (one-time download).
3. Dashboard → Apple deploy → Add key → paste the Issuer ID, Key ID and .p8 contents. It's encrypted at rest (AES-256-GCM) and never returned.

2. Managed signing certificate

On your first deploy, MacOps generates a private key, has Apple issue an iOS Distribution certificate, and stores the key encrypted — you never handle a certificate or its private key. It's shown on the Apple deploy page (issued/expiry) and renews automatically before expiry. At build time the identity is imported into the ephemeral VM's keychain, used to sign, and discarded with the VM.

3. Create the app in App Store Connect

TestFlight requires the app record to exist. In App Store Connect → Apps → + New App, create it with your bundle identifier (MacOps registers the bundle ID for you on first deploy, so it appears in the dropdown).

4. Deploy

Apple deploy → pick a project → Deploy to TestFlight (or run a deploy job from the CLI/agent). MacOps archives, signs, and uploads. The latest build & processing state appear under TestFlight on the Apple deploy page.

TestFlight deploy is included on Pro and Team.