[GH-ISSUE #193] Add App Encryption Declarations (export compliance) CLI support #57

New issue

Closed

opened 2026-02-26 21:33:03 +03:00 by kerem · 1 comment

kerem commented 2026-02-26 21:33:03 +03:00

Owner

Copy link

Originally created by @rudrankriyam on GitHub (Jan 26, 2026).
Original GitHub issue: https://github.com/rudrankriyam/App-Store-Connect-CLI/issues/193

Overview

Add CLI support for App Encryption Declarations (export compliance). This is required when usesNonExemptEncryption=true and blocks App Review without a declaration.

Docs (API)

• App Encryption Declarations: https://sosumi.ai/documentation/appstoreconnectapi/app-encryption-declarations
• Create request object: https://sosumi.ai/documentation/appstoreconnectapi/appencryptiondeclarationcreaterequest
• OpenAPI spec (fields): https://raw.githubusercontent.com/EvanBacon/App-Store-Connect-OpenAPI-Spec/main/specs/latest.json

Scope (Endpoints)

Read/list:

• GET /v1/appEncryptionDeclarations
• GET /v1/appEncryptionDeclarations/{id}
• GET /v1/apps/{id}/appEncryptionDeclarations
• GET /v1/apps/{id}/relationships/appEncryptionDeclarations
• GET /v1/appEncryptionDeclarations/{id}/appEncryptionDeclarationDocument
• GET /v1/appEncryptionDeclarationDocuments/{id}

Create/update:

• POST /v1/appEncryptionDeclarations
• POST /v1/appEncryptionDeclarations/{id}/relationships/builds
• POST /v1/appEncryptionDeclarationDocuments
• PATCH /v1/appEncryptionDeclarationDocuments/{id} (commit)

Proposed CLI

Top-level group (suggested): asc encryption <subcommand> [flags]

Subcommands:

• encryption declarations list --app APP_ID
• encryption declarations get --id DECL_ID
• encryption declarations create --app APP_ID [attributes per OpenAPI]
• encryption declarations assign-builds --id DECL_ID --build BUILD_ID[,BUILD_ID...]
• encryption documents get --id DOC_ID
• encryption documents upload --declaration DECL_ID --file ./export.pdf (create + upload ops + commit)

Required Attributes

⚠️ Use the OpenAPI spec to surface required/optional fields for creation.
Search the spec for:

• AppEncryptionDeclarationCreateRequest
• AppEncryptionDeclarationCreateRequest.Data.Attributes
• AppEncryptionDeclarationDocumentCreateRequest

Expose those fields via explicit CLI flags and validate required combinations.

Output

• JSON (minified) by default
• Table/markdown for list/get
• Upload result should include declaration ID, document ID, file name, state

Acceptance Criteria

• asc encryption --help is available
• Can list/get declarations for an app
• Can create a declaration (fields validated against OpenAPI)
• Can upload and commit a declaration document
• Can assign builds to a declaration
• JSON/table/markdown output

Tests

• CLI validation tests for required fields and invalid combinations
• HTTP client tests for list/get/create/assign builds
• Upload tests with mocked presigned URLs (SSRF-safe validation)
• Output tests for table/markdown

Manual Test Plan (using real apps)

1. Find IDs:
   • asc apps --paginate → APP_ID
   • asc builds list --app APP_ID --paginate → BUILD_ID (pick a build with usesNonExemptEncryption=true if applicable)
2. List declarations:
   • asc encryption declarations list --app APP_ID
3. Create declaration (example flags must match OpenAPI fields):
   • asc encryption declarations create --app APP_ID [required flags]
4. Upload document:
   • asc encryption documents upload --declaration DECL_ID --file ./export.pdf
5. Assign build:
   • asc encryption declarations assign-builds --id DECL_ID --build BUILD_ID
6. Get declaration + document:
   • asc encryption declarations get --id DECL_ID
   • asc encryption documents get --id DOC_ID

Implementation Notes

• Add cmd/encryption.go (group + subcommands)
• Add internal/asc/encryption.go + output helpers
• Reuse upload helper patterns from assets/builds for document uploads
• Register command in cmd/root.go

Originally created by @rudrankriyam on GitHub (Jan 26, 2026). Original GitHub issue: https://github.com/rudrankriyam/App-Store-Connect-CLI/issues/193 # Overview Add CLI support for **App Encryption Declarations** (export compliance). This is required when `usesNonExemptEncryption=true` and blocks App Review without a declaration. # Docs (API) - App Encryption Declarations: https://sosumi.ai/documentation/appstoreconnectapi/app-encryption-declarations - Create request object: https://sosumi.ai/documentation/appstoreconnectapi/appencryptiondeclarationcreaterequest - OpenAPI spec (fields): https://raw.githubusercontent.com/EvanBacon/App-Store-Connect-OpenAPI-Spec/main/specs/latest.json # Scope (Endpoints) Read/list: - `GET /v1/appEncryptionDeclarations` - `GET /v1/appEncryptionDeclarations/{id}` - `GET /v1/apps/{id}/appEncryptionDeclarations` - `GET /v1/apps/{id}/relationships/appEncryptionDeclarations` - `GET /v1/appEncryptionDeclarations/{id}/appEncryptionDeclarationDocument` - `GET /v1/appEncryptionDeclarationDocuments/{id}` Create/update: - `POST /v1/appEncryptionDeclarations` - `POST /v1/appEncryptionDeclarations/{id}/relationships/builds` - `POST /v1/appEncryptionDeclarationDocuments` - `PATCH /v1/appEncryptionDeclarationDocuments/{id}` (commit) # Proposed CLI Top-level group (suggested): `asc encryption <subcommand> [flags]` Subcommands: - `encryption declarations list --app APP_ID` - `encryption declarations get --id DECL_ID` - `encryption declarations create --app APP_ID [attributes per OpenAPI]` - `encryption declarations assign-builds --id DECL_ID --build BUILD_ID[,BUILD_ID...]` - `encryption documents get --id DOC_ID` - `encryption documents upload --declaration DECL_ID --file ./export.pdf` (create + upload ops + commit) # Required Attributes ⚠️ Use the OpenAPI spec to surface required/optional fields for creation. Search the spec for: - `AppEncryptionDeclarationCreateRequest` - `AppEncryptionDeclarationCreateRequest.Data.Attributes` - `AppEncryptionDeclarationDocumentCreateRequest` Expose those fields via explicit CLI flags and validate required combinations. # Output - JSON (minified) by default - Table/markdown for list/get - Upload result should include declaration ID, document ID, file name, state # Acceptance Criteria - [ ] `asc encryption --help` is available - [ ] Can list/get declarations for an app - [ ] Can create a declaration (fields validated against OpenAPI) - [ ] Can upload and commit a declaration document - [ ] Can assign builds to a declaration - [ ] JSON/table/markdown output # Tests - CLI validation tests for required fields and invalid combinations - HTTP client tests for list/get/create/assign builds - Upload tests with mocked presigned URLs (SSRF-safe validation) - Output tests for table/markdown # Manual Test Plan (using real apps) 1) Find IDs: - `asc apps --paginate` → `APP_ID` - `asc builds list --app APP_ID --paginate` → `BUILD_ID` (pick a build with `usesNonExemptEncryption=true` if applicable) 2) List declarations: - `asc encryption declarations list --app APP_ID` 3) Create declaration (example flags must match OpenAPI fields): - `asc encryption declarations create --app APP_ID [required flags]` 4) Upload document: - `asc encryption documents upload --declaration DECL_ID --file ./export.pdf` 5) Assign build: - `asc encryption declarations assign-builds --id DECL_ID --build BUILD_ID` 6) Get declaration + document: - `asc encryption declarations get --id DECL_ID` - `asc encryption documents get --id DOC_ID` # Implementation Notes - Add `cmd/encryption.go` (group + subcommands) - Add `internal/asc/encryption.go` + output helpers - Reuse upload helper patterns from assets/builds for document uploads - Register command in `cmd/root.go`

kerem closed this issue 2026-02-26 21:33:04 +03:00

kerem commented 2026-02-26 21:33:04 +03:00

Author

Owner

Copy link

@rudrankriyam commented on GitHub (Jan 27, 2026):

Closed as fixed by #234, #239. PRs: https://github.com/rudrankriyam/App-Store-Connect-CLI/pull/234, https://github.com/rudrankriyam/App-Store-Connect-CLI/pull/239

<!-- gh-comment-id:3808155586 --> @rudrankriyam commented on GitHub (Jan 27, 2026): Closed as fixed by #234, #239. PRs: https://github.com/rudrankriyam/App-Store-Connect-CLI/pull/234, https://github.com/rudrankriyam/App-Store-Connect-CLI/pull/239

kerem referenced this issue 2026-02-26 21:34:19 +03:00

[PR #57] [MERGED] Tester group relationships #258

kerem referenced this issue 2026-02-26 21:34:20 +03:00

[PR #62] [MERGED] Code duplication cleanup #260

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

1.2.6

1.2.5

1.2.4

1.2.3

1.2.2

1.2.1

1.2.0

1.1.1

1.1.0

1.0.1

1.0.0

0.49.1

0.49.0

0.48.1

0.48.0

0.47.1

0.47.0

0.46.2

0.46.1

0.46.0

0.45.4

0.45.3

0.45.2

0.45.1

0.45.0

0.44.2

0.44.1

0.44.0

0.43.0

0.42.0

0.41.4

0.41.3

0.41.2

0.41.1

0.41.0

0.40.1

0.40.0

0.39.1

0.39.0

0.38.3

0.38.2

0.38.1

0.38.0

0.37.3

0.37.2

0.37.1

0.37.0

0.36.3

0.36.2

0.36.1

0.36.0

0.35.3

0.35.2

0.35.1

0.35.0

0.34.1

0.34.0

0.33.2

0.33.1

0.33.0

0.32.0

0.31.3

0.31.2

0.31.1

0.31.0

0.30.0

0.29.3

0.29.2

0.29.1

0.29.0

0.28.14

0.28.13

0.28.12

0.28.11

0.28.10

0.28.9

0.28.8

0.28.7

0.28.6

0.28.5

0.28.4

0.28.3

0.28.2

0.28.1

0.28.0

0.27.0

0.26.4

0.26.3

0.26.2

0.26.1

0.26.0

0.25.4

0.25.3

0.25.1

0.25.0

0.24.3

0.24.2

0.24.1

0.24.0

0.23.5

0.23.4

0.23.3

0.23.2

0.23.1

0.23.0

0.22.1

0.22.0

0.21.0

0.20.2

0.20.1

0.20.0

0.19.3

0.19.2

0.19.1

0.19.0

0.18.2

0.18.1

0.18.0

0.17.0

0.16.0

0.15.0

0.14.0

0.13.0

0.12.4

0.12.3

0.12.2

0.12.1

0.12.0

0.11.0

0.10.2

0.10.1

0.10.0

0.9.0

0.8.1

0.8.0

0.7.0

0.6.0

0.5.0

0.3.1

0.3.0

0.2.0

0.1.6

0.1.5

0.1.4

0.1.3

0.1.2

0.1.1

0.1.0

Labels

Clear labels   

bug

  

bug

  

documentation

  

enhancement

  

pull-request

Mirrored from GitHub Pull Request

No labels

bug

bug

documentation

enhancement

pull-request

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/App-Store-Connect-CLI#57

No description provided.