Use case
Code signing for Electron apps on macOS
Shipping an Electron app on macOS means signing with a Developer ID Application certificate and notarizing through Apple's notary service, or — for Mac App Store distribution — signing with the 3rd Party Mac Developer Application + Mac Installer certificates and a Mac App Store provisioning profile. HexSign sits on top of the App Store Connect API and gives you a single dashboard for every Mac certificate, profile, identifier, and notarization key, with alerts that fire long before electron-builder, electron-forge, or notarytool fail on a release.
TL;DR
- Electron on macOS uses Apple Developer assets — Developer ID certs for direct distribution, Mac App Store certs and profiles for the App Store.
- HexSign tracks every Mac certificate, Mac bundle ID, and the App Store Connect API key your notarization workflow uses.
- Email and Slack alerts fire before a Developer ID Application cert renewal or notarization key rotation breaks a release.
- Works alongside electron-builder, electron-forge, and any CI that signs and notarizes through Apple's standard tooling.
Where teams hit friction
Common pain points signing Electron apps
What HexSign adds
What HexSign adds for Electron teams
Live relationship graph
An interactive graph linking certificates, provisioning profiles, bundle IDs, and devices. Click any node to see its dependencies and the blast radius of revoking or rotating it.
Expiration alerts before things break
Email and Slack webhook alerts at thresholds you choose (7, 14, 30, 60, 90 days). Send a test alert before enabling delivery, so there are no surprise expirations during a release.
Health score & expiring items
A 0–100% health score across every Apple account you connect, plus an expiring-items panel that surfaces what to act on first. No CLI invocation required.
Guided provisioning profile wizard
A step-by-step wizard picks the right profile type, identifier, signing certificate, and devices, then generates the profile through Apple's API. No portal tab-switching.
Multi-account dashboard
Connect one or many Apple Developer team accounts. Each syncs independently with its own status and error reporting, all visible from a single dashboard.
Audit logs, RBAC & MFA
Owner / Admin / Member roles, per-user auth activity log, and MFA via SMS or TOTP authenticator apps. Every certificate, profile, device, and identifier change is logged.
How it works
How HexSign fits a Electron workflow
- 1
Connect your Apple Developer team
Create an App Store Connect API key with App Manager or Admin scope and add it to HexSign. The same key your notarytool calls use can be the one HexSign syncs through — no Apple ID password ever leaves Apple.
- 2
See every Mac signing asset in one graph
Developer ID Application, Developer ID Installer, 3rd Party Mac Developer Application, Mac Installer Distribution, plus Mac App Store provisioning profiles and Mac bundle IDs — all rendered as a relationship graph, with health and expiration surfaced.
- 3
Rotate certs and keys before a release breaks
When a Developer ID Application cert is approaching renewal or you need a fresh App Store Connect API key for notarization, HexSign's wizard handles the cert request (CSR private key encrypted with AWS KMS) and an audit log records the change.
- 4
Alerts wired to the channel that owns releases
Get email or Slack webhook alerts at the thresholds you choose — typically 90, 60, and 30 days for Developer ID, plus a heads-up for App Store Connect API keys that are nearing rotation.
- 5
Use any builder you already have
HexSign does not run electron-builder, electron-forge, notarytool, or codesign. It manages the Apple-side assets those tools sign and notarize with. Same API key, same Apple state, much less surprise.
Side-by-side
Signing Electron apps with HexSign vs without
With HexSign | Without HexSign | |
|---|---|---|
| Direct distribution (Developer ID + notarization) | ||
| Track every Developer ID Application cert | Apple portal, one team at a time | |
| Alert before notarization key rotation | Email + Slack | |
| Audit log of cert revocation | ||
| Mac App Store distribution | ||
| Track 3rd Party Mac Developer Application cert | Apple portal | |
| Track Mac Installer Distribution cert | Apple portal | |
| Track Mac App Store provisioning profile | Yes, with relationship graph | Apple portal |
| Lifecycle operations | ||
| Generate a CSR with managed private key | AWS KMS-encrypted | Keychain Access on one Mac |
| Regenerate a single Mac profile | Single click | Manual, in Apple's portal |
| Revoke a leaked cert | Dashboard + audit | Apple portal, no team-level audit |
| Team & security | ||
| Role-based access for the signing dashboard | Owner / Admin / Member | Apple roles only |
| MFA | TOTP / SMS | Apple ID 2FA |
| Audit log of every change | ||
FAQ
Questions about HexSign for Electron
Other use cases
HexSign for other frameworks
Comparing HexSign to a specific tool? See HexSign vs Fastlane Match, HexSign vs Apple Developer Portal, HexSign vs Codemagic, and HexSign vs Bitrise.
Ready?
Ship Electron releases without signing surprises
Connect your App Store Connect API key and get full visibility in minutes. No rip-and-replace required.