{"id":19190850,"url":"https://github.com/tinder/sign-here","last_synced_at":"2026-04-27T04:00:38.134Z","repository":{"id":173190392,"uuid":"650252060","full_name":"Tinder/sign-here","owner":"Tinder","description":"A straightforward tool that enables the creation of Provisioning Profiles and Certificates for deploying Apple based software","archived":false,"fork":false,"pushed_at":"2026-04-27T02:07:02.000Z","size":280,"stargazers_count":42,"open_issues_count":0,"forks_count":8,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-04-27T03:13:29.468Z","etag":null,"topics":["code-signing","codesigning","ios","macos"],"latest_commit_sha":null,"homepage":"","language":"Swift","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Tinder.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2023-06-06T17:08:00.000Z","updated_at":"2026-04-27T01:53:12.000Z","dependencies_parsed_at":"2024-02-23T22:30:21.699Z","dependency_job_id":"5b28b226-d811-47da-8aca-1b1e2a12d71c","html_url":"https://github.com/Tinder/sign-here","commit_stats":null,"previous_names":["tinder/sign-here"],"tags_count":20,"template":false,"template_full_name":null,"purl":"pkg:github/Tinder/sign-here","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Tinder%2Fsign-here","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Tinder%2Fsign-here/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Tinder%2Fsign-here/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Tinder%2Fsign-here/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Tinder","download_url":"https://codeload.github.com/Tinder/sign-here/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Tinder%2Fsign-here/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32321940,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-26T23:26:28.701Z","status":"online","status_checked_at":"2026-04-27T02:00:06.769Z","response_time":128,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["code-signing","codesigning","ios","macos"],"created_at":"2024-11-09T11:36:01.146Z","updated_at":"2026-04-27T04:00:38.106Z","avatar_url":"https://github.com/Tinder.png","language":"Swift","funding_links":[],"categories":[],"sub_categories":[],"readme":"# sign-here\n\nA straightforward tool that enables the creation of Provisioning Profiles and Certificates for deploying Apple based software. This tool\nallows users to automate the creation of certificates and provisioning profiles in a simple to use API.\n\n## Prerequisites\n\n* Bazel (Tested with Bazel 6.0)\n* OpenSSL (tested with LibreSSL 3.3.6)\n\n## Getting Started\n\nTo start using `sign-here` immediately, simply clone down the repo and run the tool:\n\n```terminal\ngit clone https://github.com/Tinder/sign-here.git\ncd sign-here\nbazel run //Sources/SignHereTool:sign-here\n```\n\nActions such as `create-keychain` and `delete-keychain` do not require iTunes Connect API access thus\nthey do not require authentication information. For commands such as `create-provisioning-profile` and\n`delete-provisioning-profile` iTunes Connect API access will be needed, you will need to follow the guides\nfor [generating tokens](https://developer.apple.com/documentation/appstoreconnectapi/generating_tokens_for_api_requests) and\n[generating API keys](https://developer.apple.com/documentation/appstoreconnectapi/creating_api_keys_for_app_store_connect_api)\nfor the necessary credentials.\n\n## CLI Interface\n\n### create-keychain\n\n```terminal\nsign-here create-keychain --help\nOVERVIEW: Use this command to create a keychain to populate with signing information in the `create-provisioning-profile` command\n\nThis command sets up a keychain that is ready to use for signing actions. This command is not required and you may setup your own keychain\nfor usage in the `create-provisioning-profile` command.\n\nUSAGE: sign-here create-keychain --keychain-name \u003ckeychain-name\u003e --keychain-password \u003ckeychain-password\u003e\n\nOPTIONS:\n --keychain-name \u003ckeychain-name\u003e\n Name of the keychain to be created\n --keychain-password \u003ckeychain-password\u003e\n Password for the keychain to be created\n -h, --help Show help information.\n\n```\n\n### delete-keychain\n\n```terminal\nsign-here delete-keychain --help\nOVERVIEW: Use this command to delete a keychain from the system\n\nThis command can be used to delete a keychain from the system and restore sensible defaults for the keychain search list post deletion (i.e. setting login.keychain in the default search list)\n\nUSAGE: sign-here delete-keychain --keychain-name \u003ckeychain-name\u003e\n\nOPTIONS:\n --keychain-name \u003ckeychain-name\u003e\n Name of the keychain to be deleted\n -h, --help Show help information.\n```\n\n### create-provisioning-profile\n\n```terminal\nOVERVIEW: Use this command to create a ready to use provisioning profile.\n\nUse this command to create and save a mobile provisioning profile to a\nspecified location. This command\ntakes care of all necessary signing work and iTunes Connect API calls to get a\nready to use\nmobile provisioning profile.\n\nThe output of this command is the iTunes Connect API ID of the created\nprovisioning profile. This can\nbe used with the `delete-provisioning-profile` command to delete it if desired.\n\nUSAGE: sign-here create-provisioning-profile \u003coptions\u003e\n\nOPTIONS:\n --key-identifier \u003ckey-identifier\u003e\n The key identifier of the private key\n (https://developer.apple.com/documentation/appstoreconnectapi/generating_tokens_for_api_requests)\n --issuer-id \u003cissuer-id\u003e The issuer id of the private key\n (https://developer.apple.com/documentation/appstoreconnectapi/generating_tokens_for_api_requests)\n --private-key-path \u003cprivate-key-path\u003e\n The path to a private key to use for generating PEM\n and P12 files. This key will be attached to any\n generated certificates or profiles\n Use `openssl genrsa -out key.pem 2048` to generate it\n --itunes-connect-key-path \u003citunes-connect-key-path\u003e\n The path to the private key\n (https://developer.apple.com/documentation/appstoreconnectapi/generating_tokens_for_api_requests)\n --keychain-name \u003ckeychain-name\u003e\n The name of the keychain to use to store fetched\n identities\n --keychain-password \u003ckeychain-password\u003e\n The password of the keychain specified by\n --keychain-name\n --bundle-identifier \u003cbundle-identifier\u003e\n The bundle identifier of the app for which you want\n to generate a provisioning profile for\n --bundle-identifier-name \u003cbundle-identifier-name\u003e\n The bundle identifier name for the desired bundle\n identifier, this is optional but if it is not set the\n logic will select the first bundle id it finds that\n matches `--bundle-identifier`\n --platform \u003cplatform\u003e The intended operating system for the target\n (https://developer.apple.com/documentation/appstoreconnectapi/bundleidplatform)\n --profile-type \u003cprofile-type\u003e\n The profile type which you wish to create\n (https://developer.apple.com/documentation/appstoreconnectapi/profilecreaterequest/data/attributes)\n --certificate-type \u003ccertificate-type\u003e\n The certificate type which you wish to create\n (https://developer.apple.com/documentation/appstoreconnectapi/certificatetype)\n --output-path \u003coutput-path\u003e\n Where to save the created provisioning profile\n --openssl-path \u003copenssl-path\u003e\n Path to the openssl executable, this is used to\n generate CSR signing artifacts that are required when\n creating certificates\n --intermediary-apple-certificates \u003cintermediary-apple-certificates\u003e\n Intermediary Apple Certificates that should also be\n added to the keychain\n (https://www.apple.com/certificateauthority/)\n --profile-name \u003cprofile-name\u003e\n The name that you would like to assign to the created\n provisioning profile (optional)\n --certificate-signing-request-subject \u003ccertificate-signing-request-subject\u003e\n Subject for the Certificate Signing Request when\n creating certificates.\n\n OpenSSL documentation for this flag\n (https://www.openssl.org/docs/manmaster/man1/openssl-req.html):\n\n Sets subject name for new request or supersedes the\n subject name when processing a certificate request.\n\n The arg must be formatted as\n '/type0=value0/type1=value1/type2=....'. Special\n characters may be escaped by '\\' (backslash),\n whitespace is retained. Empty values are permitted,\n but the corresponding type will not be included in\n the request. Giving a single '/' will lead to an\n empty sequence of RDNs (a NULL-DN). Multi-valued RDNs\n can be formed by placing a '+' character instead of a\n '/' between the AttributeValueAssertions (AVAs) that\n specify the members of the set. Example:\n\n /DC=org/DC=OpenSSL/DC=users/UID=123456+CN=JohnDoe\n --auto-regenerate\n Defines if the profile should be regenerated in case\n it already exists (optional)\n --enterprise Controls if the enterprise API should be used.\n -h, --help Show help information.\n\n\n```\n\n### delete-provisioning-profile\n\n```terminal\nsign-here delete-provisioning-profile --help\nOVERVIEW: Use this command to delete a provisioning profile using its iTunes Connect API ID\n\nThis command can be used in conjunction with the `create-provisioning-profile` command to create and delete provisioning profiles.\n\nUSAGE: sign-here delete-provisioning-profile --provisioning-profile-id \u003cprovisioning-profile-id\u003e --key-identifier \u003ckey-identifier\u003e --issuer-id \u003cissuer-id\u003e --itunes-connect-key-path \u003citunes-connect-key-path\u003e\n\nOPTIONS:\n --provisioning-profile-id \u003cprovisioning-profile-id\u003e\n The iTunes Connect API ID of the provisioning profile to delete (https://developer.apple.com/documentation/appstoreconnectapi/profile)\n --key-identifier \u003ckey-identifier\u003e\n The key identifier of the private key (https://developer.apple.com/documentation/appstoreconnectapi/generating_tokens_for_api_requests)\n --issuer-id \u003cissuer-id\u003e The issuer id of the private key (https://developer.apple.com/documentation/appstoreconnectapi/generating_tokens_for_api_requests)\n --itunes-connect-key-path \u003citunes-connect-key-path\u003e\n The path to the private key (https://developer.apple.com/documentation/appstoreconnectapi/generating_tokens_for_api_requests)\n -h, --help Show help information.\n```\n\n## Installing\n\n### Download pre-built binary\n\n```terminal\ncurl -L https://github.com/Tinder/sign-here/releases/download/2.2.0/sign-here -o sign-here\nchmod +x sign-here\n./sign-here\n```\n\n### Build from source\n\nWORKSPACE\n\n```python\nload(\"@bazel_tools//tools/build_defs/repo:http.bzl\", \"http_archive\")\n\ncom_github_tinder_sign_here_version = \"2.2.0\"\nhttp_archive(\n name = \"com_github_tinder_sign_here\",\n url = \"https://github.com/Tinder/sign-here/archive/refs/tags/%s.tar.gz\" % com_github_tinder_sign_here_version,\n type = \"tar.gz\",\n strip_prefix = \"sign-here-%s\" % com_github_tinder_sign_here_version,\n)\n\nload(\n \"@com_github_tinder_sign_here//:repositories.bzl\",\n \"sign_here_dependencies\",\n)\n\nsign_here_dependencies()\n```\n\n### Running the tests\n\n```terminal\nbazel test //Tests/...\n```\n\n### License\n\n---\n\n```text\nCopyright (c) 2023, Match Group, LLC\nAll rights reserved.\n\nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions are met:\n * Redistributions of source code must retain the above copyright\n notice, this list of conditions and the following disclaimer.\n * Redistributions in binary form must reproduce the above copyright\n notice, this list of conditions and the following disclaimer in the\n documentation and/or other materials provided with the distribution.\n * Neither the name of Match Group, LLC nor the names of its contributors\n may be used to endorse or promote products derived from this software\n without specific prior written permission.\n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS \"AS IS\" AND\nANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED\nWARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE\nDISCLAIMED. IN NO EVENT SHALL MATCH GROUP, LLC BE LIABLE FOR ANY\nDIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES\n(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;\nLOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND\nON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS\nSOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftinder%2Fsign-here","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftinder%2Fsign-here","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftinder%2Fsign-here/lists"}