Company
Built for teams that ship to the App Store.
We're developers who got tired of fighting Apple's Developer Portal and committing certificates to git. So we built the secure vault, dashboard, and CLI Apple should have made.
HexSign HQ
Built where the sun comes up first.
Why we exist
A production build fails because an Apple Developer certificate expired and nobody noticed. Or because a .p12 in the team's git repo got rotated and the CI pipeline didn't get the memo. The developer.apple.com portal makes it hard to see which profiles depend on which certificates, and the standard answer (committing encrypted certs to git via fastlane match) still bakes secrets into your repository. We built HexSign as the secure vault, dashboard, and CLI Apple platform teams should have had from day one: certificates encrypted in a managed vault, full visibility across every profile and account, and a CLI that ships signing material to any CI without touching your repo.
Who we serve
HexSign is built for iOS and macOS engineers, DevOps and platform engineers, release managers, and the team leads responsible for shipping Apple apps. Solo developers with a couple of apps in the App Store, agencies juggling client Apple Developer accounts, and enterprises running dozens of bundle IDs across iOS, macOS, tvOS, and watchOS all use the same dashboard to manage certificates, provisioning profiles, bundle IDs, and devices, without abandoning the CI/CD pipeline they already trust.
How we build
We sit on top of Apple's official App Store Connect API and never touch your private signing keys. The HexSign sync is read-only by default; every certificate creation, profile regeneration, device registration, or revocation is triggered explicitly by you. Apple API keys are stored in AWS Secrets Manager, CSR private keys are encrypted with a dedicated AWS KMS key, and the database runs in a private VPC with encryption at rest. We ship fast, but never at the cost of security.
What we value
Clarity over complexity. Developer tools should be simple, fast, and get out of your way. Every feature in HexSign (the relationship graph, the health score, the wizard, the alerts) exists because it solves a real problem teams hit with Apple's certificate and provisioning profile management. No bloat, no filler, and no claims about competitors we can't back up with a link to their own documentation.