Command line (CLI) & CI
The HexSign CLI is a single binary that talks to the same API as the dashboard. Use it locally to script repetitive Apple Developer work, or wire it into CI to fetch the right signing material before xcodebuild. Alongside the raw CLI, HexSign ships a GitHub Action, a fastlane plugin, a Bitrise Step, a GitLab CI/CD component, and a CircleCI orb so you can adopt it without rewriting your pipeline. The articles below cover installation, authentication, and the most common patterns.
Articles
12 articles in command line (cli) & ci
Install the HexSign CLI
Install the hexsign binary via Homebrew, a pre-built release archive, or by building from source.
Sign in with hexsign login
Run hexsign login to authenticate via your browser, store a refresh token in the OS keychain, and check who you're signed in as.
Run the CLI in CI with machine credentials
Provision a service credential, drop the client ID and secret into your pipeline, and let the CLI swap to machine mode automatically.
Fetch signing material before xcodebuild
A simple, repeatable CI pattern: download the right certificate and provisioning profile by ID, import them, run xcodebuild.
Use the Setup HexSign CLI GitHub Action
Install the HexSign CLI on a GitHub-hosted runner and (optionally) authenticate in one step, so later jobs can fetch signing material before xcodebuild.
Use the HexSign fastlane plugin
Add fastlane-plugin-hexsign to your Pluginfile and download certificates and provisioning profiles from inside a lane.
Use the HexSign Fetch Signing Material Bitrise Step
Drop the hexsign-fetch-signing-material Step into a Bitrise workflow to download a certificate, a profile, or both, and pass the paths to certificate-and-profile-installer.
Use the HexSign GitLab CI/CD component
Include the HexSign CI/CD component in a GitLab pipeline to install the CLI and download certificates and provisioning profiles before your build job.
Use the HexSign CircleCI orb
Add the HexSign orb to a CircleCI config to install the CLI and download certificates and provisioning profiles before your build job.
List, download and inspect with the CLI
Filter and paginate every entity, download certificates and profiles, switch to JSON for jq, and run hexsign summary to print a one-screen status snapshot.
Regenerate, revoke, and rotate from the CLI
Script the write-side commands (regenerate, revoke, delete) with the right scopes, and know when to keep the change in the dashboard instead.
Troubleshoot the HexSign CLI
Fix the most common CLI errors: missing client ID, expired refresh token, callback port conflicts, scope failures, and 401/403 responses.
Other topics
Explore the rest of the help center
Getting started
Set up HexSign, connect an Apple Developer account, and get your first sync running.
Browse categoryCertificates & CSRs
Create, revoke, and download certificates. Generate or upload CSRs and rotate signing identities safely.
Browse categoryProvisioning profiles
Create, regenerate, and download provisioning profiles using the wizard or directly from the dashboard.
Browse categoryAlerts & monitoring
Configure alerts to email, Slack, Microsoft Teams, and incident tools, read the health score, and stay ahead of expirations.
Browse categoryTeam & billing
Invite teammates, assign roles, manage MFA and SSO, and handle Stripe-powered billing.
Browse categoryTroubleshooting
Diagnose sync errors, profile/certificate mismatches, and CI signing failures.
Browse category