Keys & cryptography

.p8 file (auth key)

A PEM-encoded private key file used for two specific Apple authentication flows: App Store Connect API keys and APNs auth keys. Has no expiration and no companion certificate.

p8 auth keyApp Store Connect API key fileAPNs auth keyAuthKey_*.p8

A .p8 file is just a PEM-encoded ECDSA private key. Apple uses this format for two unrelated authentication flows: App Store Connect API keys (used to script account operations), and APNs auth keys (used to send push notifications via token-based auth). Despite the same file extension, they are not interchangeable.

App Store Connect API key

Created in App Store Connect under Users and Access > Integrations > App Store Connect API. The download gives you a .p8 plus an issuer ID and key ID. The same three values together let a client mint short-lived JSON Web Tokens that authenticate to the App Store Connect API.

APNs auth key

Created in the Apple Developer portal under Certificates, Identifiers, Profiles > Keys. A single APNs .p8 can sign push tokens for every app in your team, never expires, and replaces the old per-app push certificate workflow.

How it differs from a .p12

.p12: Certificate plus matching private key, password-encrypted. Used to sign builds.
.p8: Bare private key, no certificate. Used to authenticate API calls (App Store Connect API) or sign short-lived push tokens (APNs).

Keep reading

Related terms

App Store Connect API key

A three-part credential (Key ID, Issuer ID, and .p8 private key) Apple issues to authenticate non-interactive access to the App Store Connect API. The modern replacement for sharing Apple ID passwords.

Read definition

App Store Connect

Apple's web console for managing App Store and TestFlight submissions, App Store Connect API keys, in-app purchases, builds, testers, and team access. Distinct from the Apple Developer portal.

Read definition

APNs auth key

A .p8 private key created in the Apple Developer portal that authenticates token-based push notification sending to APNs. One key serves every app on your team and does not expire.

Read definition

PKCS#12 / .p12 file

A password-protected file format that bundles a certificate and its matching private key together. The standard way to move an Apple signing identity between machines.

Read definition

Private key

The secret half of a key pair. Whoever holds the private key for a code signing certificate can sign builds as that developer. Lose it and you cannot rotate; leak it and someone else can sign as you.

Read definition

Next step

Help articles on this topic

Connect an Apple Developer account with an App Store Connect API key

Generate an App Store Connect API key with the right role, paste it into HexSign, and unlock certificate, profile, and device sync.

6 min readRead article

Notice a definition that has drifted? Email support@hexsign.io and we'll update it. Browse the full glossary or jump to the help center.

Keys & cryptography

.p8 file (auth key)

A PEM-encoded private key file used for two specific Apple authentication flows: App Store Connect API keys and APNs auth keys. Has no expiration and no companion certificate.

p8 auth keyApp Store Connect API key fileAPNs auth keyAuthKey_*.p8

App Store Connect API key

APNs auth key

How it differs from a .p12

.p12: Certificate plus matching private key, password-encrypted. Used to sign builds.
.p8: Bare private key, no certificate. Used to authenticate API calls (App Store Connect API) or sign short-lived push tokens (APNs).

Keep reading

Related terms

App Store Connect API key

Read definition

App Store Connect

Apple's web console for managing App Store and TestFlight submissions, App Store Connect API keys, in-app purchases, builds, testers, and team access. Distinct from the Apple Developer portal.

Read definition

APNs auth key

A .p8 private key created in the Apple Developer portal that authenticates token-based push notification sending to APNs. One key serves every app on your team and does not expire.

Read definition

PKCS#12 / .p12 file

A password-protected file format that bundles a certificate and its matching private key together. The standard way to move an Apple signing identity between machines.

Read definition

Private key

The secret half of a key pair. Whoever holds the private key for a code signing certificate can sign builds as that developer. Lose it and you cannot rotate; leak it and someone else can sign as you.

Read definition

Next step

Help articles on this topic

Connect an Apple Developer account with an App Store Connect API key

Generate an App Store Connect API key with the right role, paste it into HexSign, and unlock certificate, profile, and device sync.

6 min readRead article

Notice a definition that has drifted? Email support@hexsign.io and we'll update it. Browse the full glossary or jump to the help center.