How to Use Fastlane Match for iOS

What is fastlane?

Fastlane is an open source platform aimed at simplifying Android and iOS deployment–automating the process of building and releasing mobile apps. 

(Note: If you are looking to add existing certificates to match git repo, Go to step 9.)

With fastlane, you can:

  1. Automate screenshots — Automatically generate localized screenshots for the app store.
  2. Distribute beta deployments — Easily distribute beta builds for testers.
  3. Publish app store deployments — Publish a new release to the app store in seconds.
  4. Simplify code signing — Reliably and consistently code sign your app, no more headaches.

What is fastlane match?

Fastlane match offers a new approach to iOS code signing: Share one code-signing identity across your development team to simplify your code signing setup and prevent code signing issues.

When you use match, you can create all required certificates & provisioning profiles and store them in a separate git repository. Every team member with access to the repo can use those credentials for code signing. Match also automatically repairs broken and expired credentials. It’s the easiest way to share signing credentials across teams.

Before setting up fastlane match, Let’s start by installing fastlane on the local machine.


sudo gem install fastlane


Step 1: Create a git repo.

Create a new, private git repo (e.g in a specific project in, and you can name it “certificates”.

Note: Make sure the repository is set to private.

Step 2:  Create an Apple developer account.

Create a new, shared Apple developer account, (like that will be shared across your team from now on.

If you already have one, ignore this step. You can also add the username and password fields for the account within the match file.

Step 3: Set up ssh key.

Setting up a ssh key for your git account means you can clone the repository, which will be used by fastlane match file. This is important since match requires username and password to access git repo. Without authentication, the build fails.

Using ssh, You can authenticate for the repository where certificates and provisioning profiles will be stored.

Step 4: Initiate fastlane.

Initiate fastlane for your project folder (containing .xcworkspace or .xcodeproj).


fastlane init
project1$: fastlane init
[17:13:06]: Detected iOS/Mac project in current directory...
[17:13:06]: This setup will help you get up and running in no time.
[17:13:06]: fastlane will check what tools you're already using and set up
[17:13:06]: the tool automatically for you. Have fun!
[17:13:06]: Created new folder './fastlane'.
[17:13:06]: $ xcodebuild -list -workspace ./project1.xcworkspace
2017-06-20 17:13:07.122 xcodebuild[65932:6932431] [MT] PluginLoading: Required plug-in compatibility UUID DFFB3951-EB0A-4C09-9DAC-5F2D28CC839C for plug-in at path '~/Library/Application Support/Developer/Shared/Xcode/Plug-ins/SwiftLintXcode.xcplugin' not present in DVTPlugInCompatibilityUUIDs
[17:13:08]: $ xcodebuild -showBuildSettings -workspace ./project1.xcworkspace -scheme project1
2017-06-20 17:13:08.331 xcodebuild[65937:6932494] [MT] PluginLoading: Required plug-in compatibility UUID DFFB3951-EB0A-4C09-9DAC-5F2D28CC839C for plug-in at path '~/Library/Application Support/Developer/Shared/Xcode/Plug-ins/SwiftLintXcode.xcplugin' not present in DVTPlugInCompatibilityUUIDs
[17:13:09]: Your Apple ID (e.g.
Verifying that app is available on the Apple Developer Portal and iTunes Connect...
[17:15:49]: Starting login with user ''

A folder with name fastlane is created inside the project folder. It contains three files initially–out of which two are important.

Appfile — The Appfile stores useful information that is used across all fastlane tools like your Apple ID or the application Bundle Identifier, to deploy your lanes faster and tailored on your project needs


Fastfile — Defines the “lanes” that drive the behavior of fastlane.


Step 5: Update fastfile

Update the fastfile with required lanes such as beta, appstore, etc.
If you want to know about these commands. Click here.

In this example, we are using beta for uploading the build to crashlytics.

There are few additional things that are shown in this example. (e.g: Bumping the build version, configuring slack etc.)

Step 6: Set up match.


— To setup match

fastlane match init

You need to provide the url for the git private repo. (Recommended to use ssh instead of https, Follow step 1 and step 3)

This will create a matchfile in the current directory (or in your ./fastlane/folder).

By default, it contains git url, App Identifier, git username.

Update the file with following commands.

Fastlane will automatically take the username, password for git repo and authenticate.

MATCH_PASSWORD is the password for the p.12 files that will be stored in the repo.


Step 7: Generating certificates

Run the following command in the terminal:


fastlane match appstore


You can also use development, ad-hoc, enterprise depending on your purpose.

This will create a new certificate and provisioning profile (if required) for the type selected (development, ad-hoc, enterprise, appstore), and store them in your git repo. If you previously ran match, it will automatically install the existing profiles from the git repo.

The provisioning profiles are installed in ~/Library/MobileDevice/Provisioning Profiles while the certificates and private keys are installed in your local keychain.


Note: To get a more detailed output of what match is doing, use:


fastlane match --verbose

Step 8: Upload build to crashlytics (optional).

Try uploading the build to fabric from local machine to make sure everything is working as expected. Make sure you have the api_key and build_secret for the application in fabric to upload. Since we have already configured beta lane in fastfile to upload build to crashlytics.

Run the following command from the project folder:

fastlane beta


Step 9: Manually add existing certificates to the git repository (optional).

Warning: Manually editing your match repo can introduce unexpected behaviour and is not recommended. Proceed with caution.

Note: GitHelper doesn’t work any more. Fastlane has recently updated the process.

Run the following commands in your terminal:

$ bundle console

Then, require match and set the appropriate parameters:

irb(main):001:0> require 'match' 
irb(main):002:0> git_url = '' 
=> " certificate-repo"
irb(main):003:0> shallow_clone = false 
=> false
irb(main):004:0> ENV["MATCH_PASSWORD"] = 'example-password' 
=> "example-password" 
irb(main):005:0> branch = 'master'
=> "master"

Now create an instance of Storage and Encryption. The download method on Storage will clone the repo and the decrypt_files method on Encryption will decrypt the repo for you. Assign the return values to storage and encrypt, which we’ll need later when we re-encrypt:

irb(main):006:0> storage = Match::Storage.for_mode("git", { git_url: git_url, shallow_clone: shallow_clone, git_branch: branch, clone_branch_directly: false}) 
irb(main):008:0> encryption = Match::Encryption.for_storage_mode("git", { git_url: git_url, working_directory: storage.working_directory}) 
irb(main):009:0> encryption.decrypt_files 
[14:24:42]: 🔓  Successfully decrypted certificates repo
irb(main):010:0> storage.working_directory 
=> "/var/folders/ql/4rgq9x7j51n_971xb332w9lc0000gn/T/d20181105-65220-1oalh6v"

The directory beginning with /var/folders contains the decrypted git repo. Modify it as needed.

If you are updating a .p12 file, ensure it’s exported from the keychain without a password, since match doesn’t support importing private keys with a password.

Warning: Do not commit your changes. Allow fastlane to do that for you.

In the Ruby console, call encryption.encrypt and storage.save_changes!. For example:

irb(main):010:0> encryption.encrypt_files 
irb(main):011:0> files_to_commit = Dir[File.join(storage.working_directory, "**", "*.{cer,p12,mobileprovision}")]
irb(main):012:0> storage.save_changes!(files_to_commit: files_to_commit)

Or If you don’t want to specify the files_to_commit then:

irb(main):010:0> encryption.encrypt
irb(main):011:0> storage.save_changes!

Your changes will be encrypted, committed, and pushed.

Note: If your keychain doesn’t include the encryption passcode, you may be prompted for it. If so, just enter the same password you used to decrypt it.

For additional information: Click here



Fastlane provides the following capabilities:

  1. Authenticating apple developer account.
  2. Authenticating git repo.
  3. Installing certificates (if not available, it creates required certificates and provisioning profiles).
  4. Compiling the project.
  5. Code signing.
  6. Uploading the .ipa to the fabric.

Potential Obstacles:

During this process, you might face a few issues. Here are a few to consider: 

  1. Authentication error to the apple developer account.
  2. Certificates not found for code signing (Setup the project in xcode with installed certificates and provisioning profiles from git repo.)
  3. No matching code signing entities.
  4. If you manually update these certificates in apple developer portal, then the certificates in git repo will be outdated and are of no use. Make sure you manually update the git repo.
  5. Cloning the git repo and updating the certificates and provisioning profiles won’t work, since the git repo is encrypted and password protected.


Related Articles


Keep in the loop with the latest in emerging technology and Mutual Mobile