Authentication
asc-cli uses the App Store Connect API which requires API key authentication.
Getting API Credentials
- Go to App Store Connect
- Navigate to Users and Access → Integrations → App Store Connect API
- Click the + button to generate a new key
- Choose a name (e.g., "asc-cli CLI")
- Select role: Admin or App Manager (for full access)
- Click Generate
You'll receive:
- Issuer ID - UUID format (same for all keys in your team)
- Key ID - 10 character identifier
- Private Key - Download the
.p8file (can only download once!)
caution
Store your .p8 private key securely. You cannot download it again after leaving the page.
Configuring asc-cli
Interactive Setup (Recommended)
asc auth login
Follow the prompts to enter your credentials.
Environment Variables
Set these in your shell or .env file:
export ASC_ISSUER_ID="xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
export ASC_KEY_ID="XXXXXXXXXX"
export ASC_PRIVATE_KEY_PATH="~/.config/asc-cli/AuthKey_XXXXXXXXXX.p8"
Or provide the key content directly:
export ASC_PRIVATE_KEY="-----BEGIN PRIVATE KEY-----
...
-----END PRIVATE KEY-----"
Configuration File
Credentials are stored in ~/.config/asc-cli/credentials:
issuer_id=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
key_id=XXXXXXXXXX
private_key_path=~/.config/asc-cli/AuthKey_XXXXXXXXXX.p8
Verifying Authentication
Check your authentication status:
asc auth status
Test the connection by listing apps:
asc auth test
Logging Out
Remove stored credentials:
asc auth logout
Security Best Practices
- Never commit
.p8files to version control - Use environment variables in CI/CD pipelines
- Rotate keys periodically in App Store Connect
- Use least privilege - choose App Manager role if Admin isn't needed
Multiple Profiles
For multiple App Store Connect accounts:
# ~/.config/asc-cli/credentials
[default]
issuer_id = xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
key_id = XXXXXXXXXX
private_key_path = ~/.config/asc-cli/keys/default.p8
[work]
issuer_id = yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy
key_id = YYYYYYYYYY
private_key_path = ~/.config/asc-cli/keys/work.p8
Use a profile:
asc --profile work apps list
CI/CD Setup
GitHub Actions
- name: Configure App Store Connect
env:
ASC_ISSUER_ID: ${{ secrets.ASC_ISSUER_ID }}
ASC_KEY_ID: ${{ secrets.ASC_KEY_ID }}
ASC_PRIVATE_KEY: ${{ secrets.ASC_PRIVATE_KEY }}
run: asc auth test
Storing Secrets
- GitHub: Repository Settings → Secrets → Actions
- GitLab: Settings → CI/CD → Variables
- CircleCI: Project Settings → Environment Variables
Troubleshooting
"Not authenticated" error
Run asc auth login to configure credentials.
"Invalid token" error
- Verify your Issuer ID and Key ID are correct
- Ensure the
.p8file is readable and not corrupted - Check that the key hasn't been revoked in App Store Connect
- Verify system clock is accurate (JWT tokens are time-sensitive)
"Insufficient permissions" error
Your API key role may not have access to the requested resource. Check your role in App Store Connect → Users and Access.
"File not found" error
Ensure the .p8 file path is correct:
ls -la ~/.config/asc-cli/AuthKey_*.p8
Learn More
- Quick Start - Get running in 5 minutes
- Configuration - All configuration options
- Troubleshooting - Common issues