Using automatically managed credentials
For your app to be distributed in an app store, it needs to be digitally signed with credentials such as a keystore or a distribution certificate. This certifies the source of the app and ensure that it can't be tampered with. Other credentials, such as your Apple Push Key and FCM API Key, are needed to send push notifications, but they are not involved in app signing.
Thankfully, that's all that you need to know about any of this to build an app with EAS Build, but if you would like to learn more you can refer to the
"App Signing" guide.
Read on to learn how EAS can automatically manage credentials for you and your team.
When you run eas build
, you will be prompted to generate credentials if you have not done so already. Follow the simple instructions to generate your credentials. Where needed, they will be stored on EAS servers. On subsequent builds of your app, these credentials will be re-used unless you specify otherwise.
Generating your iOS credentials (distribution certificate, provisioning profile, and push key) requires you you to sign in with an
Apple Developer Program membership.
If you have any security concerns about EAS managing your credentials or about logging in to your Apple Developer account through EAS CLI, please refer to the
"Security" guide. If that does not satisfy your concerns, you can reach out to
preview@expo.io for more information, or use
local credentials instead.
After you have generated your iOS credentials, it's no longer necessary to have access to the Apple Developer team in order to start a build. This means that your collaborators can start new iOS builds with only their Expo accounts. To start a build using existing credentials and without signing in to Apple, run eas build --skip-credentials-check
. There is no equivalent validation necessary for Android, and so this flag is not needed for Android builds.