Getting Started
Set up MySigner and ship your first build in 5 minutes
Getting Started
Go from source code to App Store review or Google Play — in a single command. This guide walks you through installing the CLI, connecting your Apple and Google accounts, and shipping your first build.
Works with any mobile framework: MySigner auto-detects your project type — native Swift/Kotlin, React Native, Flutter, Ionic/Capacitor, Expo, or .NET MAUI. Just run commands from your project root.
Prerequisites
iOS
- macOS with Xcode installed
- An Apple Developer account with Admin access
- A mobile project that builds to iOS
Android
- Java 11+ (JDK) installed
- Android SDK installed with
ANDROID_HOMEconfigured - A Google Play Developer account
- A mobile project that builds to Android
CLI
- Ruby 3.2+ (check with
ruby -v)
Step 1: Install the CLI
gem install mysigner
Verify it's working:
mysigner version
If you use rbenv, runrbenv rehashafter installing.
Step 2: Set Up Your Account
You'll need three things before connecting the CLI: a MySigner account, an organization, and an API token. If you already have these, skip to Step 3.
Create an account
- Visit the MySigner Dashboard and sign up
- You can use email, Google, GitHub, or Apple to authenticate
- Verify your email if you signed up with email
You're auto-enrolled in a 14-day Pro trial — no card required. Every new account gets full Pro features (store uploads, AI translate / rewrite, screenshot studio quotas, etc.) for 14 days. After day 14 your account drops to Free unless you subscribe — nothing is deleted. See 14-Day Pro Trial for the full breakdown.
Create an organization
Organizations hold your apps, credentials, and team members.
- After signing in, click New Organization in the sidebar
- Enter a name (e.g., "Acme Inc")
- Click Create Organization
Plan note: Organization limits depend on your current plan. Early-access upgrades are still handled manually rather than through self-serve checkout.
Generate an API token
The CLI uses API tokens to authenticate with your MySigner account.
- Go to API Tokens in the sidebar
- Click Create Token
- Give it a descriptive name (e.g., "MacBook Pro CLI")
- Select the read and write scopes (Admin scope is also available — only Admin / Owner roles can create it; see the Permissions matrix)
- Click Create and copy the token immediately — you won't be able to see it again
Keep your API token secret. Never commit it to version control or share it publicly. In CI/CD, store it as an encrypted secret.
Step 3: Connect the CLI
Run the onboarding wizard — it walks you through connecting your CLI to MySigner step by step:
mysigner onboard
The wizard guides you through:
- Account setup — confirms you have a MySigner account (or helps you create one)
- Organization setup — confirms you have an organization ready
- API token — walks you through generating a token if you haven't yet
- CLI login — enter your email and paste the token to authenticate
- Store credentials — optionally configure App Store Connect right away
Your API token is stored encrypted at rest in ~/.mysigner/config.yml using AES-256-GCM:
- macOS — the encryption key lives in the system Keychain (
com.mysigner.cli/config_encryption_key). Tokens are never on disk in plaintext. - Linux / Windows — the encryption key falls back to a file at
~/.mysigner/.encryption_key(mode0600, owner-only). This is roughly equivalent in security to the config file itself; for the strongest posture, prefer the env-var path described below in CI/CD.
Other credentials (App Store Connect .p8 private keys, Google Play service-account JSON, keystore passwords) are not stored locally — they live on the MySigner server, encrypted at rest in the database, and are fetched on demand or brokered through the server during uploads. Android keystore files cached at ~/.mysigner/keystores/*.jks are plaintext binaries with a 24-hour TTL and 0600 perms; running mysigner logout wipes them.
CI/CD tip: in pipelines, set
MYSIGNER_API_TOKEN(and optionallyMYSIGNER_ORG_ID,MYSIGNER_EMAIL,MYSIGNER_API_URL) as encrypted secrets. The CLI uses env vars directly without touchingconfig.yml.Already have your token? You can skip the wizard and log in directly withmysigner login.
Step 4: Connect Your Store Accounts
MySigner needs API access to the stores you want to ship to. Set up one or both depending on your platforms.
App Store Connect (iOS)
Create an API Key in Apple
- Go to App Store Connect > Users and Access > Integrations > App Store Connect API
- Click the + button to generate a new key
- Name it (e.g., "MySigner") and select Admin access
- Click Generate
- Download the
.p8file — you can only download it once - Note the Key ID and Issuer ID shown on the page
Add to MySigner
- In the MySigner dashboard, go to App Store Connect in the sidebar
- Click Add Credential
- Fill in:
- Key ID — the 10-character key ID from Apple
- Issuer ID — the UUID from Apple
- Private Key — open your
.p8file and paste its contents
- Click Save
MySigner will verify the connection and sync your certificates, provisioning profiles, and registered devices.
Google Play (Android)
Create a Service Account
- Go to Google Cloud Console
- Create a new project or select an existing one
- Enable the Google Play Android Developer API
- Create a Service Account and download the JSON key
Grant Access in Google Play
- Open Google Play Console → Users and permissions
- Invite the service account email with Release Manager access (this is the minimum required — Admin works too but grants more than needed)
Add to MySigner
- In the MySigner dashboard, go to Google Play in the sidebar and upload the JSON key
- MySigner will validate the credentials and test the connection
Upload Your Keystore
- Go to Keystores in the sidebar
- Click Upload Keystore and upload your
.jksor.keystorefile - Enter the keystore password, key alias, and key password
- Click Activate to set it as the default signing key
You can set up either or both platforms later by runningmysigner doctor— it detects missing credentials and walks you through the setup interactively.
Step 5: Ship Your First Build
Navigate to your project's root directory and run one command. MySigner handles everything else — detecting your framework, building, signing, and uploading.
iOS to TestFlight
mysigner ship testflight
The CLI will detect your project, run any necessary pre-build steps (e.g., expo prebuild, cap sync, flutter pub get), build an Xcode archive, sign and export to IPA, and upload to TestFlight. Once Apple finishes processing (usually 5-15 minutes), the build appears in TestFlight for your testers.
iOS to App Store Review
mysigner ship appstore
This does everything testflight does, plus it automatically waits for Apple to process your build (polling every 3 minutes) and then submits it for App Store review — no manual steps needed. One command takes you from source code to "Waiting for Review".
Android to Google Play
mysigner ship internal --platform android
The CLI detects your framework, builds an AAB (Android App Bundle), fetches your keystore from MySigner, signs the build, and uploads to Google Play. Version codes are auto-incremented — if the Play Store already has version code 42, MySigner bumps to 43 automatically, so you never hit "version code already exists" errors.
Ship to any track by changing the target:
| Target | Command |
|---|---|
| Internal testing | mysigner ship internal --platform android |
| Closed testing (Alpha) | mysigner ship alpha --platform android |
| Open testing (Beta) | mysigner ship beta --platform android |
| Production | mysigner ship production --platform android |
Add--release-notes "Bug fixes and improvements"to include release notes with your Android upload.
Step 6: Verify Your Setup
Run the doctor command to make sure everything is configured correctly:
mysigner doctor
Doctor validates your entire environment across both platforms:
| Check | What it verifies |
|---|---|
| CLI authentication | Token is valid and API is reachable |
| App Store Connect | ASC API key is configured and working |
| Google Play | Service account credentials and permissions |
| Xcode & build tools | Xcode, command line tools, and upload tools |
| Java & Android SDK | JDK, ANDROID_HOME, and Gradle |
| Signing identity | Distribution certificate in your Keychain |
| Keystores | Active Android keystore for signing |
| Project | Detects your project, bundle ID, and required profiles |
If anything is missing or misconfigured, doctor will suggest a fix or offer to resolve it automatically.
Quick Reference
| Command | What it does |
|---|---|
mysigner ship testflight |
Build, sign, and upload to TestFlight |
mysigner ship appstore |
Build, sign, upload, wait, and submit for App Store review |
mysigner ship internal --platform android |
Build, sign, and upload to internal testing |
mysigner ship production --platform android |
Build, sign, and upload to production |
mysigner doctor |
Check setup and auto-fix issues |
mysigner status |
Show connection and credential status |
mysigner sync --force |
Refresh data from Apple and Google |
mysigner devices |
List registered test devices |
mysigner profiles |
List provisioning profiles |
mysigner certificates |
List signing certificates |
What's Next
Learn More Commands
- Ship Command Reference — All shipping options and flags
- Submit Command — Submit existing builds for review
- Doctor Command — Diagnose and fix issues
Follow Guides
- iOS to App Store — Submit for App Store review
- Android to Play Store — Production releases
- GitHub Actions CI/CD — Automate with CI/CD
Explore the Dashboard
Setup & resources: - Managing Credentials — ASC and Google Play setup - iOS Resources — Certificates, profiles, devices - Android Resources — Keystores, apps, tracks - API Tokens — Manage scopes (Read / Write / Admin) - Notifications — Email alerts for expiry, sync failures, revocations, team activity
Publish & ASO: - Releases — Store listings, release notes, AI translate / rewrite, release checklists, phased releases - Screenshot Studio — Canvas editor for App Store / Play Store screenshots - Keywords & ASO (Pro+) — Edit App Store keywords per locale, track ranks - Reviews & Ratings — Unified inbox for both stores with response templates (Pro+) - Analytics — Acquisition, retention, stability, monetisation - Custom Product Pages (Pro+) — iOS CPP variants
Billing: - 14-Day Pro Trial — How the auto-trial works - Pricing & Plans — Free vs Pro vs Team
Team plan features: - Permissions — RBAC matrix - Audit Log — Immutable record of sensitive actions - SSO (SAML 2.0) — Single sign-on with Okta / Entra / Google Workspace
Troubleshooting
Having issues? Try these in order:
- Run doctor —
mysigner doctordiagnoses and auto-fixes most problems - Check status —
mysigner statusverifies your connection and credentials - Force sync —
mysigner sync --forcerefreshes data from Apple and Google - Enable debug —
DEBUG=1 mysigner ship testflightfor detailed error output
See the Troubleshooting Guide for solutions to specific error messages.