
Share Apple App Store Connect Access Safely (Roles, Certificates & 2FA)
Why App Store Connect is high-stakes
Your Apple developer account controls binaries, certificates, bundle IDs, TestFlight builds, and billing. A single over-privileged user or leaked certificate can halt releases—or worse, compromise your app.
Use roles instead of sharing the main login
- Account Holder (owner): keep to one person. Required for DUNS, banking, agreements.
- Admin: manage most settings (few people).
- Developer: upload builds, manage certificates/profiles.
- App Manager: manage specific apps, TestFlight, metadata—ideal for agencies.
- Marketer/Customer Support/Read Only: narrow visibility without publish power.
Principle: invite by email with the least privilege that works. Verify the invite on a quick call before clicking. Habit guide: Stop Phishing at the Source: Verify Links Like a Pro.
Safe onboarding (10–15 minutes)
- In Users and Access → Users, Add User, and assign the smallest role that works (prefer App Manager over Developer, and Developer over Admin).
- Scope to specific apps where possible.
- Require 2FA for everyone. If someone struggles with a master passphrase, send: How to Create Strong Passphrases You’ll Actually Remember.
- Document the handoff: who uploads, who edits metadata, who presses Submit for Review, and your rollback plan.
Certificates, keys, and provisioning (handle with care)
- Don’t email .p12 files or API keys. Deliver via a one-time, expiring link and share the access code by SMS/phone. Basics: The Safe Way to Share Passwords in 2025 (No Email).
- Prefer Xcode automatic signing for in-house team members; restrict who can create/renew certificates.
- For CI/CD, use App Store Connect API keys scoped to just what your pipeline needs; store outside repos. Dev secrets guide: Share API Keys and .env Files (Safely).
- Never commit .p12, mobileprovision, or API keys to git. If it happened, rotate now: The Simple Incident Playbook for Leaked Passwords.
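One way to enforce the "never commit .p12, mobileprovision, or API keys" rule above is a pre-commit hook. This is an added example, not code from the original post or from Apple: it rejects staged files by extension, by Apple's AuthKey_<KEYID> naming for App Store Connect API keys (even if renamed), and by PEM private-key content under any name; the .cer/.provisionprofile extensions and the hook wiring are my assumptions.

```python
"""Pre-commit guard: refuse to commit Apple signing material or API keys."""
import re
import subprocess
import sys
from pathlib import Path
from typing import Iterable, List, Optional, Tuple

# Extensions used for exported certificates, provisioning profiles and keys
BLOCKED_SUFFIXES = {".p12", ".mobileprovision", ".provisionprofile", ".p8", ".cer"}
# App Store Connect API keys download as AuthKey_<KEYID>.p8; match the name
# prefix so a renamed copy (AuthKey_X.txt) is still caught
AUTHKEY_NAME = re.compile(r"^AuthKey_[A-Za-z0-9]+")
# Content markers that betray a private key even under a harmless file name
KEY_MARKERS = (b"-----BEGIN PRIVATE KEY-----", b"-----BEGIN EC PRIVATE KEY-----",
               b"-----BEGIN RSA PRIVATE KEY-----")


def classify(path: Path, content: bytes) -> Optional[str]:
    """Return why a file must not be committed, or None if it looks safe."""
    if path.suffix.lower() in BLOCKED_SUFFIXES:
        return f"blocked extension {path.suffix.lower()}"
    if AUTHKEY_NAME.match(path.name):
        return "App Store Connect API key file"
    if any(marker in content for marker in KEY_MARKERS):
        return "PEM private key content"
    return None


def check(files: Iterable[Tuple[Path, bytes]]) -> List[Tuple[str, str]]:
    """Run classify() over (path, content) pairs; return (path, reason) findings."""
    findings = []
    for path, content in files:
        reason = classify(path, content)
        if reason:
            findings.append((path.as_posix(), reason))
    return findings


def staged_files() -> List[Tuple[Path, bytes]]:
    """Collect the files staged for the current commit (hook-time input)."""
    out = subprocess.run(
        ["git", "diff", "--cached", "--name-only", "--diff-filter=ACM"],
        capture_output=True, text=True, check=True).stdout
    files = []
    for line in out.splitlines():
        p = Path(line)
        # Read the working-tree copy; paths that are not regular files get empty content
        files.append((p, p.read_bytes() if p.is_file() else b""))
    return files


if __name__ == "__main__":  # install as .git/hooks/pre-commit (executable)
    hits = check(staged_files())
    for path, reason in hits:
        print(f"refusing to commit {path}: {reason}", file=sys.stderr)
    sys.exit(1 if hits else 0)
```

A hook only protects commits made on machines where it is installed, so pair it with a server-side check (or a secret scanner in CI) and, if material was already pushed, follow the rotation step above rather than relying on history rewrites.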
TestFlight the safe way
- Internal testers (team members): limited to your organization.
- External testers: require Beta App Review; keep groups small and expire old builds.
- Don’t post invite codes publicly. If you must share with a partner, use short-lived links and verify recipients.
Billing, contracts, and banking
- Keep Account Holder & banking details with the owner/finance only.
- If a vendor requests payout changes, verify by phone using known contacts before editing anything. Wire details guide: How to Send Banking Details for Invoices (Without Getting Scammed).
Offboarding & rotation
- Remove the user (Users and Access) and revoke API keys they used.
- Rotate certificates/profiles they controlled and re-issue CI secrets. Checklist: Employee Offboarding: Revoke, Rotate, and Re-Share.
- Do a quick sweep of threads and repos for leaked files: Audit Your Old Messages (90-Minute Sweep).
When you must share files
- Package certs safely (7z/ZIP-AES) with encrypted filenames and a long passphrase; deliver passphrase on a different channel. How-to: Send Encrypted Archives Safely.
- Disable chat link previews to avoid auto-fetch: Prevent Accidental Link Previews.
Useful external references
- Apple: Users & Access overview
- Apple: Add a user in App Store Connect
- Apple ID: Two-factor authentication
- Apple: App Store Connect API keys
Bottom line
Invite people—not passwords. Keep Account Holder private, scope roles to the app, protect certs and API keys, require 2FA, and rotate on every handoff.
Original Content Notice: This article was originally published on OneTimeRead. All rights reserved.