burrow/Apple/Certificates/README.md
Conrad Kramer 002bd382e9
Some checks failed
Cache: Publish Nix / Publish Nix Cache (push) Waiting to run
Build Rust / Cargo Test (push) Successful in 4m14s
Build Site / Next.js Build (push) Failing after 6s
Infra: OpenTofu / OpenTofu (grafana) (push) Successful in 5s
Lint Governance / BEP Metadata (push) Successful in 0s
Build: Android / Android Rust Core Stub (push) Failing after 23s
Wire Forge-native release infrastructure
2026-06-07 05:51:12 -07:00

2.1 KiB

Apple Certificates

Public Apple certificate material that can be inspected by release tooling lives here. Private keys do not belong in this directory.

Developer ID Application

  • Apple certificate id: 9JKN6HXBHC
  • Certificate file: Apple/Certificates/developer-id-application-9JKN6HXBHC.cer
  • Subject: Developer ID Application: Conrad Kramer (87PW93R2ZR)
  • Issuer: Developer ID Certification Authority, G2
  • Team id: 87PW93R2ZR
  • Validity: 2026-06-07T12:13:47Z through 2031-06-08T12:13:46Z
  • SHA-256 fingerprint: 7B:2D:58:A5:BB:1E:34:5E:FB:FF:7F:E0:A1:CA:4F:B1:5B:6E:08:AF:CE:FD:BE:D0:2B:0A:E9:9C:82:E3:4F:74
  • Google KMS key: projects/project-88c23ce9-918a-470a-b33/locations/global/keyRings/burrow-identity/cryptoKeys/apple-developer-id-application/cryptoKeyVersions/1
  • KMS public-key SHA-256: 9cfaf4755158f445f20a215ef52e7a7ba00da1a310e2e934ba7db5dbb29d2869

The certificate was created from a CSR signed by the non-exportable Google KMS key above. There is no .p12 for this identity. Release signing must use a signer that delegates the relevant Apple code-signing operations to Google KMS.

iOS Distribution

  • Apple certificate id: 3G42677598
  • Certificate file: Apple/Certificates/ios-distribution-3G42677598.cer
  • Subject: iPhone Distribution: Conrad Kramer (87PW93R2ZR)
  • Issuer: Apple Worldwide Developer Relations Certification Authority, G3
  • Team id: 87PW93R2ZR
  • Validity: 2026-06-07T12:21:32Z through 2027-06-07T12:21:31Z
  • SHA-256 fingerprint: 5A:2F:BA:6E:FB:CA:2D:58:01:1F:A0:C8:0F:CF:6B:58:BE:AA:73:7F:4E:F8:06:1C:8A:14:1B:22:8A:2A:29:2B
  • Google KMS key: projects/project-88c23ce9-918a-470a-b33/locations/global/keyRings/burrow-identity/cryptoKeys/apple-ios-distribution/cryptoKeyVersions/1
  • KMS public-key SHA-256: f8613ce059de90b29acf01cbd4a7deb37567653bd154bdf6c447098b5c4fae91

The certificate was created from a CSR signed by the non-exportable Google KMS key above through App Store Connect certificate creation. There is no .p12 for this identity. iOS signing requires a signing path that can delegate Apple code-signing operations to Google KMS.