For your app to be distributed in an app store, it needs to be digitally signed with credentials such as a keystore or a distribution certificate. This certifies the source of the app and ensure that it can't be tampered with. Other credentials, such as your Apple Push Key and FCM API Key, are needed to send push notifications, but they are not involved in app signing.

Thankfully, that's all that you need to know about any of this to build an app with EAS Build, but if you would like to learn more you can refer to the "App Signing" guide.

Read on to learn how EAS can automatically manage credentials for you and your team.

When you run eas build, you will be prompted to generate credentials if you have not done so already. Follow the simple instructions to generate your credentials. Where needed, they will be stored on EAS servers. On subsequent builds of your app, these credentials will be re-used unless you specify otherwise.

Generating your iOS credentials (distribution certificate, provisioning profile, and push key) requires you you to sign in with an Apple Developer Program membership.

If you collaborate on your project with other developers, it is often useful to give them access to perform builds on their own. Ensure that your project is configured for collaboration and any teammates that you have added through your Expo dashboard will be able to run eas build seamlessly, provided that they have sufficient permissions.

After you have generated your iOS credentials, it's no longer necessary to have access to the Apple Developer team in order to start a build. This means that your collaborators can start new iOS builds with only their Expo accounts. To start a build using existing credentials and without signing in to Apple, run eas build --skip-credentials-check. There is no equivalent validation necessary for Android, and so this flag is not needed for Android builds.

You can view your currently configured app signing credentials by running eas credentials. This command also lets you remove and modify credentials, should you need to make any changes. Typically this is not necessary, but you may want to use it if you want to sync your credentials to your local machine to run a build locally or migrate existing credentials to be automatically managed.