Docs
BlogChangelogStar Us on GitHub
HomeGuidesEASReferenceLearn
ArchiveExpo SnackDiscord and ForumsNewsletter

Using automatically managed credentials

Edit this page

Learn how to automatically manage your app credentials with EAS.

For your app to be distributed in an app store, it needs to be digitally signed with credentials such as a keystore or a distribution certificate. This certifies the source of the app and ensures that it can't be tampered with. Other credentials, such as your FCM API Key and Apple Push Key are needed to send push notifications, but they are not involved in app signing.

That's all that you need to know about any of this to build an app with EAS Build, but if you would like to learn more you can refer to the App Signing guide.

Read on to learn how EAS can automatically manage credentials for you and your team.

Generating app signing credentials

When you run eas build, you will be prompted to generate credentials if you have not done so already. Follow the simple instructions to generate your credentials. Where needed, they will be stored on EAS servers. On subsequent builds of your app, these credentials will be re-used unless you specify otherwise.

Generating your iOS credentials (distribution certificate, provisioning profile, and push key) requires you to sign in with an Apple Developer Program membership.

If you have any security concerns about EAS managing your credentials or about logging in to your Apple Developer account through EAS CLI, see Security guide. If that does not satisfy your concerns, you can reach out to secure@expo.dev for more information, or use local credentials instead.

Push notification credentials

Android

The Android push notification credentials setup for EAS Build requires configuring your app with FCM. Run eas credentials, select Android, then Push Notifications: Manage your FCM Api Key, and then choose the appropriate option to set up the key.

iOS

If you haven't set up your Push Notifications key yet, EAS CLI will ask you to set it up during the next eas build run.

You can also set up the Push Notifications key with the eas credentials command. Run it, select iOS, then Push Notifications: Manage your Apple Push Notifications Key, and then choose the appropriate option to set up the key.

Sharing credentials with your team

If you collaborate on your project with other developers, it is often useful to give them access to perform builds on their own. Ensure that your project is configured for collaboration and any teammates that you have added through your EAS dashboard will be able to run eas build seamlessly, provided that they have sufficient permissions.

After you have generated your iOS credentials, it's no longer necessary to have access to the Apple Developer team to start a build. This means that your collaborators can start new iOS builds with only their Expo accounts.

Inspecting credentials configuration

You can view your currently configured app signing credentials by running eas credentials. This command also lets you remove and modify credentials, should you need to make any changes. Typically this is not necessary, but you may want to use it if you want to sync your credentials to your local machine to run a build locally or migrate existing credentials to be automatically managed.