Authentication Commands

Manage App Store Connect API credentials and authentication

Overview

Authentication commands manage your App Store Connect API credentials. Credentials are stored securely in the system keychain when available, with a config file fallback.

Authentication Resolution

Credentials are resolved in this order:
  1. Selected profile (keychain or config)
  2. Environment variables (fallback for missing fields)
Use --strict-auth or ASC_STRICT_AUTH=true to fail when sources are mixed.

Commands

asc auth init

Create a template config.json for authentication.
--force (boolean, default: false): Overwrite existing config.json
--local (boolean, default: false): Write config.json to ./.asc in the current repo instead of ~/.asc
--open (boolean, default: false): Open the App Store Connect API keys page in your browser
Examples:
asc auth init
asc auth init --local
asc auth init --force
asc auth init --open
Response:
{
  "config_path": "/Users/name/.asc/config.json",
  "created": true,
  "config": {}
}

asc auth login

Register and store App Store Connect API key credentials.
--name (string, required): Friendly name for this key
--key-id (string, required): App Store Connect API Key ID
--issuer-id (string, required): App Store Connect Issuer ID
--private-key (string, required): Path to private key (.p8) file
--bypass-keychain (boolean, default: false): Store credentials in config.json instead of keychain
--local (boolean, default: false): When bypassing keychain, write to ./.asc/config.json
--network (boolean, default: false): Validate credentials with a lightweight API request
--skip-validation (boolean, default: false): Skip JWT and network validation checks
Examples:
asc auth login --name "MyKey" --key-id "ABC123" --issuer-id "DEF456" --private-key /path/to/AuthKey.p8
asc auth login --bypass-keychain --local --name "MyKey" --key-id "ABC123" --issuer-id "DEF456" --private-key /path/to/AuthKey.p8
asc auth login --network --name "MyKey" --key-id "ABC123" --issuer-id "DEF456" --private-key /path/to/AuthKey.p8
Output:
Storing credentials in system keychain
Successfully registered API key 'MyKey'

asc auth switch

Switch the default authentication profile.
--name (string, required): Profile name to set as default
Examples:
asc auth switch --name "Personal"
asc auth switch --name "Client"
Output:
Default profile set to 'Personal'

asc auth logout

Remove stored API credentials.
--all (boolean, default: false): Remove all stored credentials (default behavior)
--name (string): Remove a named credential
Examples:
asc auth logout
asc auth logout --all
asc auth logout --name "MyKey"
Output:
Successfully removed stored credential 'MyKey'

asc auth status

Show current authentication status.
--output (string, default: table): Output format: table, json
--verbose (boolean, default: false): Show detailed storage information
--validate (boolean, default: false): Validate stored credentials via network
Examples:
asc auth status
asc auth status --output json
asc auth status --verbose
asc auth status --validate
Response (table):
Credential storage: System Keychain
Location: system keychain

Stored credentials:
Name    Key ID   Default  Stored In
MyKey   ABC123   yes      keychain
Response (JSON):
{
  "storageBackend": "System Keychain",
  "storageLocation": "system keychain",
  "credentials": [
    {
      "name": "MyKey",
      "keyId": "ABC123",
      "isDefault": true,
      "storedIn": "keychain"
    }
  ],
  "environmentCredentialsProvided": false,
  "environmentCredentialsComplete": false
}

asc auth doctor

Diagnose authentication configuration issues.
--output (string, default: text): Output format: text, json
--fix (boolean, default: false): Attempt to fix issues where possible
--confirm (boolean, default: false): Confirm applying fixes (required with --fix)
Examples:
asc auth doctor
asc auth doctor --output json
asc auth doctor --fix --confirm
Response:
Auth Doctor

Keychain:
  [OK] Keychain available
  [OK] Keychain accessible

Config:
  [OK] Config file exists
  [OK] Config file readable

Profiles:
  [OK] Profile 'MyKey' valid

No issues found.

Environment Variables

  • ASC_KEY_ID - API Key ID
  • ASC_ISSUER_ID - Issuer ID
  • ASC_PRIVATE_KEY_PATH - Path to .p8 file
  • ASC_PRIVATE_KEY - PEM-encoded private key
  • ASC_PRIVATE_KEY_B64 - Base64-encoded private key
  • ASC_BYPASS_KEYCHAIN - Set to 1, true, yes, y, or on to bypass keychain
  • ASC_STRICT_AUTH - Set to true, 1, yes, y, or on to fail on mixed credential sources
  • ASC_PROFILE - Select a named profile
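
An added example, not code from the asc project: a pre-flight check a CI job could run over the parsed output of asc auth status --output json and its own environment, flagging the states that the resolution order makes risky (file-backed profiles, keychain bypass, profile and environment credentials combined while strict mode is off, inline key material). The sample status values, the storedIn value "config", and the reading of environmentCredentialsProvided as "credential variables are set" are assumptions.

```python
import json

# Values the page lists as "on" for ASC_STRICT_AUTH and ASC_BYPASS_KEYCHAIN.
TRUTHY = {"1", "true", "yes", "y", "on"}
ENV_CRED_VARS = ("ASC_KEY_ID", "ASC_ISSUER_ID", "ASC_PRIVATE_KEY_PATH",
                 "ASC_PRIVATE_KEY", "ASC_PRIVATE_KEY_B64")

def is_on(env, name):
    return env.get(name, "").strip().lower() in TRUTHY

def audit(status, env):
    """Findings for one parsed `asc auth status --output json` result plus env."""
    findings = []
    creds = status.get("credentials", [])
    for cred in creds:
        # Anything not reported as "keychain" is treated as file-backed storage.
        if cred.get("storedIn") != "keychain":
            findings.append(f"profile {cred.get('name')!r} is stored outside the keychain")
    if is_on(env, "ASC_BYPASS_KEYCHAIN"):
        findings.append("ASC_BYPASS_KEYCHAIN is on: the keychain is bypassed")
    # Assumption: environmentCredentialsProvided means credential variables are set.
    env_seen = (any(env.get(v) for v in ENV_CRED_VARS)
                or status.get("environmentCredentialsProvided", False))
    if creds and env_seen and not is_on(env, "ASC_STRICT_AUTH"):
        findings.append("profile and environment both supply credentials "
                        "while ASC_STRICT_AUTH is off")
    for var in ("ASC_PRIVATE_KEY", "ASC_PRIVATE_KEY_B64"):
        if env.get(var):
            findings.append(f"{var} puts key material in the process environment")
    return findings

# Constructed sample: the status shape follows the page; all values are made up.
SAMPLE_STATUS = json.loads("""
{"storageBackend": "System Keychain",
 "credentials": [
   {"name": "MyKey", "keyId": "ABC123", "isDefault": true, "storedIn": "keychain"},
   {"name": "Client", "keyId": "XYZ789", "isDefault": false, "storedIn": "config"}],
 "environmentCredentialsProvided": true,
 "environmentCredentialsComplete": false}
""")
SAMPLE_ENV = {"ASC_KEY_ID": "XYZ789", "ASC_PRIVATE_KEY_B64": "constructed-placeholder"}

if __name__ == "__main__":
    for finding in audit(SAMPLE_STATUS, SAMPLE_ENV):
        print("WARN:", finding)
```

In a pipeline, a non-empty result would fail the job before any command that signs a request runs.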

Generating API Keys

Generate API keys at: https://appstoreconnect.apple.com/access/integrations/api