Skip to main content

Overview

Authentication commands manage your App Store Connect API credentials. Credentials are stored securely in the system keychain when available, with a config file fallback.

Authentication Resolution

Credentials are resolved in this order:
  1. Selected profile (keychain or config)
  2. Environment variables (fallback for missing fields)
Use --strict-auth or ASC_STRICT_AUTH=true to fail when sources are mixed.

Commands

asc auth init

Create a template config.json for authentication.
--force
boolean
default:"false"
Overwrite existing config.json
--local
boolean
default:"false"
Write config.json to ./.asc in the current repo instead of ~/.asc
--open
boolean
default:"false"
Open the App Store Connect API keys page in your browser
Examples: 
asc auth init
asc auth init --local
asc auth init --force
asc auth init --open
Response: 
{
  "config_path": "/Users/name/.asc/config.json",
  "created": true,
  "config": {}
}

asc auth login

Register and store App Store Connect API key credentials.
--name
string
required
Friendly name for this key
--key-id
string
required
App Store Connect API Key ID
--issuer-id
string
required
App Store Connect Issuer ID
--private-key
string
required
Path to private key (.p8) file
--bypass-keychain
boolean
default:"false"
Store credentials in config.json instead of keychain
--local
boolean
default:"false"
When bypassing keychain, write to ./.asc/config.json
--network
boolean
default:"false"
Validate credentials with a lightweight API request
--skip-validation
boolean
default:"false"
Skip JWT and network validation checks
Examples: 
asc auth login --name "MyKey" --key-id "ABC123" --issuer-id "DEF456" --private-key /path/to/AuthKey.p8
asc auth login --bypass-keychain --local --name "MyKey" --key-id "ABC123" --issuer-id "DEF456" --private-key /path/to/AuthKey.p8
asc auth login --network --name "MyKey" --key-id "ABC123" --issuer-id "DEF456" --private-key /path/to/AuthKey.p8
Output: 
Storing credentials in system keychain
Successfully registered API key 'MyKey'

asc auth switch

Switch the default authentication profile.
--name
string
required
Profile name to set as default
Examples: 
asc auth switch --name "Personal"
asc auth switch --name "Client"
Output: 
Default profile set to 'Personal'

asc auth logout

Remove stored API credentials.
--all
boolean
default:"false"
Remove all stored credentials (default behavior)
--name
string
Remove a named credential
Examples: 
asc auth logout
asc auth logout --all
asc auth logout --name "MyKey"
Output: 
Successfully removed stored credential 'MyKey'

asc auth status

Show current authentication status.
--output
string
default:"table"
Output format: table, json
--verbose
boolean
default:"false"
Show detailed storage information
--validate
boolean
default:"false"
Validate stored credentials via network
Examples: 
asc auth status
asc auth status --output json
asc auth status --verbose
asc auth status --validate
Response (table): 
Credential storage: System Keychain
Location: system keychain

Stored credentials:
Name    Key ID   Default  Stored In
MyKey   ABC123   yes      keychain
Response (JSON): 
{
  "storageBackend": "System Keychain",
  "storageLocation": "system keychain",
  "credentials": [
    {
      "name": "MyKey",
      "keyId": "ABC123",
      "isDefault": true,
      "storedIn": "keychain"
    }
  ],
  "environmentCredentialsProvided": false,
  "environmentCredentialsComplete": false
}

asc auth doctor

Diagnose authentication configuration issues.
--output
string
default:"text"
Output format: text, json
--fix
boolean
default:"false"
Attempt to fix issues where possible
--confirm
boolean
default:"false"
Confirm applying fixes (required with --fix)
Examples: 
asc auth doctor
asc auth doctor --output json
asc auth doctor --fix --confirm
Response: 
Auth Doctor

Keychain:
  [OK] Keychain available
  [OK] Keychain accessible

Config:
  [OK] Config file exists
  [OK] Config file readable

Profiles:
  [OK] Profile 'MyKey' valid

No issues found.

Environment Variables

  • ASC_KEY_ID - API Key ID
  • ASC_ISSUER_ID - Issuer ID
  • ASC_PRIVATE_KEY_PATH - Path to .p8 file
  • ASC_PRIVATE_KEY - PEM-encoded private key
  • ASC_PRIVATE_KEY_B64 - Base64-encoded private key
  • ASC_BYPASS_KEYCHAIN - Set to 1, true, yes, y, or on to bypass keychain
  • ASC_STRICT_AUTH - Set to true, 1, yes, y, or on to fail on mixed credential sources
  • ASC_PROFILE - Select a named profile

Generating API Keys

Generate API keys at: https://appstoreconnect.apple.com/access/integrations/api