[GH-ISSUE #249] Option to specify the Apple account and password in the web UI. #76

Open
opened 2026-03-04 00:23:41 +03:00 by kerem · 2 comments

Originally created by @jpdasma on GitHub (Sep 18, 2022).
Original GitHub issue: https://github.com/SignTools/SignTools/issues/249

When opting to use a developer account, it appears that we have to specify both the email and password in a text file:

```
data
|____profiles
| |____my_profile                # Or what you named your profile
| | |____cert.p12                # the signing certificate archive
| | |____cert_pass.txt           # the signing certificate archive's password
| | |____name.txt                # a name to show in the web interface
| | |____account_name.txt        # the developer account's name (email)
| | |____account_pass.txt        # the developer account's password
| |____my_other_profile
| | |____...
```

It's not really a good practice to store these in plaintext, even if we are running SignTools on a private server.

I suggest a feature to have an option to leave these empty and prompt the user for the email and password in the web UI.


@iitazz commented on GitHub (Sep 18, 2022):

I agree, this would be a nice thing to be implemented!


@ViRb3 commented on GitHub (Sep 18, 2022):

Due to the nature of signing, even if you had a prompt for the credentials, they would still have to reach the builder in plaintext at some point, so you should always consider them compromised. This is partly mitigated by 2FA, but yes, I agree that it is not "safe". Sadly, I don't think there's a "fully safe" solution for your credentials, so I highly recommend using a separate account just for development. I don't think that the benefits of having a prompt are worth it (in my opinion, at least), so I will likely not implement this feature myself, but I am happy to take it as a PR from somebody else.
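
As long as the credentials stay in the profile files quoted in the issue, an operator can at least check that only the service account can read them. The following is an added example, not code from SignTools or from anyone in this thread; it assumes a POSIX host, and the `audit_profiles` function and the default `data` path are hypothetical names chosen for illustration.

```python
import os
import stat
import sys
from pathlib import Path

# File names taken from the profile layout quoted in the issue.
SECRET_FILES = ("cert.p12", "cert_pass.txt", "account_name.txt", "account_pass.txt")


def audit_profiles(data_dir):
    """Return (path, problem) tuples for secret files exposed beyond their owner."""
    findings = []
    profiles = Path(data_dir) / "profiles"
    if not profiles.is_dir():
        return [(str(profiles), "profiles directory not found")]
    for profile in sorted(p for p in profiles.iterdir() if p.is_dir()):
        for name in SECRET_FILES:
            path = profile / name
            try:
                st = path.lstat()  # lstat so a symlink is reported, not followed
            except FileNotFoundError:
                continue  # file not present in this profile
            if stat.S_ISLNK(st.st_mode):
                findings.append((str(path), "symlink, target not checked"))
                continue
            mode = stat.S_IMODE(st.st_mode)
            if mode & 0o077:  # any group or other permission bit set
                findings.append((str(path), f"mode {mode:04o} grants group/other access"))
            if st.st_uid != os.geteuid():
                findings.append((str(path), f"owned by uid {st.st_uid}, not the current user"))
    return findings


if __name__ == "__main__":
    # Assumed default: the "data" directory in the current working directory.
    results = audit_profiles(sys.argv[1] if len(sys.argv) > 1 else "data")
    for path, problem in results:
        print(f"{path}: {problem}")
    sys.exit(1 if results else 0)
```

Run it as the user the service runs under; a non-zero exit status means at least one file needs `chmod 600` or an ownership fix.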
