Product

Everything you need to manage Apple Developer assets.

An encrypted vault for your Apple certificates, a dashboard for every profile and expiration, and a CLI that ships signing assets to any CI. All synced with App Store Connect.

Product tour

Watch HexSign in action

A quick walkthrough of certificates, profiles, the wizard, and the relationship graph. Open the watch page →

Visualize

Interactive relationship graph

See how certificates, profiles, and bundle IDs connect. Click any node to highlight its dependency chain. Color-coded by health status.

Apple Distribution

Distribution

154d left

Apple Development

Development

Expired 47d ago

Apple Push Services

232d left

Mac Installer Dist

Mac Installer Distribution

Expired 96d ago

MyApp App Store

App Store

154d left

MyApp Development

Development

98d left

MyApp Ad Hoc

Ad Hoc

Expired 47d ago

PushService Prod

App Store

215d left

MacApp Installer

Mac Installer

Expired 96d ago

MyApp

com.company.myapp

iOS

PushService

com.company.pushservice

iOS

MacApp

com.company.macapp

macOS

Capabilities

What HexSign manages for your Apple Developer account

Auto-renewal

Distribution certificates and provisioning profiles reissue themselves 30 days before expiry. The new cert keeps the private key on file; profiles rebuild with the renewed cert IDs swapped in. Failures email your admins with Apple's exact reason.

Certificate management

Create, revoke, and download certificates directly from HexSign. Track iOS Development, Distribution, Developer ID, Mac Installer, Push, and more, with .p12 export when the private key is on file.

Profile management

Create, update, regenerate, and download provisioning profiles across App Store, Ad Hoc, Development, and Enterprise, all from the dashboard.

Provisioning profile wizard

A guided flow that walks you through intent, identifier, certificate, and device selection, then builds the profile for you. No more Apple portal tab-switching.

CSR generation & vault

Generate certificate signing requests with private keys encrypted at rest using AWS KMS, or upload your own. Reuse CSRs across certificates securely.

Bundle ID & capability management

Register identifiers and toggle capabilities (Push Notifications, App Groups, Associated Domains, HealthKit, HomeKit, CloudKit, Wallet, and more) from one screen.

Device registry & enrollment

Register iPhones, iPads, Macs, Apple Watches, and Apple TVs by UDID. Enable or disable devices and add them to profiles in a click.

Team management & RBAC

Invite teammates by email, assign Owner, Admin, or Member roles, and track auth activity. Deactivate users without losing audit history.

MFA & secure auth

Enforce multi-factor authentication with SMS or authenticator apps (TOTP). Cognito-backed sessions with device tracking and per-user auth logs.

Multi-account management

Connect multiple Apple Developer team accounts. Each syncs independently with its own status and error reporting. All visible from a single dashboard.

Health score and expiring items

Dashboard surfaces an overall health score (0-100%) based on certificate validity, profile status, and expiration timelines. Expiring items panel highlights what needs attention.

Audit logs and sync history

Every certificate, profile, device, identifier, CSR, and user action is logged. Detailed sync history with counts, changes detected, and duration.

CLI & headless automation

A single-binary CLI brings the dashboard to your terminal and CI. OAuth login locally, scoped client credentials in CI, JSON output for scripting xcodebuild and fastlane pipelines.

Auto-renew certificates and profiles before they expire

Distribution certs and provisioning profiles reissue themselves 30 days before expiry. The new cert keeps your existing key, and profiles rebuild against the renewed cert in the same daily run. Failures email your admins with Apple's exact reason. Auto-renewal handles the routine work; alerts catch the rare edge cases.

How auto-renewal works

Proactive alerts to chat and incident tools

Configure alerts with custom thresholds: 7, 14, 30, 60, or 90 days before expiry. Route them to email, Slack, Microsoft Teams, Jira, PagerDuty, Jira Service Management, or incident.io. Test alerts before enabling.

View pricing

HexSign CLI for terminal and CI

Same data as the dashboard, scriptable. List, download, and rotate certificates and profiles from your shell or CI pipeline. Zero-config binaries, OAuth login locally, scoped client credentials for CI, and JSON output for jq and pipelines.

Explore the CLI

Audit logs, sync history, and team controls

Every action is logged. RBAC roles, MFA-enforced sign-in, per-user auth activity, and detailed sync history with counts, changes detected, and duration. Built for teams that need to answer auditor questions.

Ships signing assets to any CI. Bring your own pipeline.

Interactive relationship graph

See how certificates, profiles, and bundle IDs connect. Click any node to highlight its dependency chain. Color-coded by health status.

Apple Distribution

Distribution

154d left

Apple Development

Development

Expired 47d ago

Apple Push Services

232d left

Mac Installer Dist

Mac Installer Distribution

Expired 96d ago

MyApp App Store

App Store

154d left

MyApp Development

Development

98d left

MyApp Ad Hoc

Ad Hoc

Expired 47d ago

PushService Prod

App Store

215d left

MacApp Installer

Mac Installer

Expired 96d ago

MyApp

com.company.myapp

iOS

PushService

com.company.pushservice

iOS

MacApp

com.company.macapp

macOS

What HexSign manages for your Apple Developer account

Auto-renewal

Certificate management

Create, revoke, and download certificates directly from HexSign. Track iOS Development, Distribution, Developer ID, Mac Installer, Push, and more, with .p12 export when the private key is on file.

Profile management

Create, update, regenerate, and download provisioning profiles across App Store, Ad Hoc, Development, and Enterprise, all from the dashboard.

Provisioning profile wizard

A guided flow that walks you through intent, identifier, certificate, and device selection, then builds the profile for you. No more Apple portal tab-switching.

CSR generation & vault

Generate certificate signing requests with private keys encrypted at rest using AWS KMS, or upload your own. Reuse CSRs across certificates securely.

Bundle ID & capability management

Register identifiers and toggle capabilities (Push Notifications, App Groups, Associated Domains, HealthKit, HomeKit, CloudKit, Wallet, and more) from one screen.

Device registry & enrollment

Register iPhones, iPads, Macs, Apple Watches, and Apple TVs by UDID. Enable or disable devices and add them to profiles in a click.

Team management & RBAC

Invite teammates by email, assign Owner, Admin, or Member roles, and track auth activity. Deactivate users without losing audit history.

MFA & secure auth

Enforce multi-factor authentication with SMS or authenticator apps (TOTP). Cognito-backed sessions with device tracking and per-user auth logs.

Multi-account management

Connect multiple Apple Developer team accounts. Each syncs independently with its own status and error reporting. All visible from a single dashboard.

Health score and expiring items

Dashboard surfaces an overall health score (0-100%) based on certificate validity, profile status, and expiration timelines. Expiring items panel highlights what needs attention.

Audit logs and sync history

Every certificate, profile, device, identifier, CSR, and user action is logged. Detailed sync history with counts, changes detected, and duration.

CLI & headless automation

A single-binary CLI brings the dashboard to your terminal and CI. OAuth login locally, scoped client credentials in CI, JSON output for scripting xcodebuild and fastlane pipelines.

Auto-renew certificates and profiles before they expire