2 Factor Authentication in CI-CD process for app store in azure DevOps

Question

I am trying to release the app to the app store but as 2FA is now mandatory for the apple account I am facing an issue while uploading the app to the store.

I tried using FASTLANE_APPLE_APPLICATION_SPECIFIC_PASSWORD as per the this link but it did not work out.

I have added an app-specific password in the service connection as well.

after adding an app-specific password in that and got the following error: also, it is saying that you can pass the password using FASTLANE_PASSWORD in the environment variable but I don't know how to pass it.

I went through the answer provided by

Two-factor Authentication With Fastlane but it's not helping me with Azure DevOps. Is there another way to make it work?

@Paulw11 I updated the question...can you please help with this? — Ragesh Pikalmunde, Mar 12 '21 at 09:04
Have you tried removing the value from the password field? You only want an app specific password. — Paulw11, Mar 12 '21 at 09:05
you mean in the service connection I should remove the password and just keep an app-specific password...right? — Ragesh Pikalmunde, Mar 12 '21 at 09:07
@Paulw11 I tried that and got the warning `##[warning]Your fastlane session is incorrect and app specific id is not set. Please set correct fastlane session or app specific id` also task is failed...I just updated the question again...can you please check — Ragesh Pikalmunde, Mar 12 '21 at 10:15
Let us [continue this discussion in chat](https://chat.stackoverflow.com/rooms/229815/discussion-between-ragesh-pikalmunde-and-paulw11). — Ragesh Pikalmunde, Mar 12 '21 at 10:21

score 3 · Answer 1 · answered Apr 04 '21 at 20:37

When you download the API key, you will get a .p8 certificate (e.g AuthKey_426ZIF325NY.p8) but most probably you cannot save this file as a pipeline variable, but you can save it as a string.

Open terminal and go to your Download Folder then open your file with some Text Editor (preferred) e.g vim AuthKey_426ZIF325NY.p8 or nano AuthKey_426ZIF325NY.p8, but you can use any editor you are familiar with (e.g VS Code).

You will get something like this:

You need to to save this key as string, but you cannot just copy the content, because there are some \n symbols you do not see and you will not copy them with normal copy/paste. So you need to add them manually and delete the line brakes:

Before:

After:

"-----BEGIN PRIVATE KEY-----\nGTAGTAgEAMBMGByqGSM49AgEGTTqGSM49AwEHBHkwdwIBAQQg6YnlZ7oLdukc99KL\nTZBVNjYeCpNQtZh3uY2SZw6jh+igCgYIKoZIzj0DAQehRANCAAQ2dMU6ss1I3760\nOLjYhPBLn5f1T9ZXVbI4kFcKARM/JfPOKh7rK95LHoEOGdpBQHEaAmZo0x2pnF1+\n
AhD4UTiE\n-----END PRIVATE KEY-----"

Now save this "After" parameter (but use your certificate) as a pipeline variable with name key. You Upload Job (Upload to TestFlight) needs access to this certificate and other two variables.

If you want, you can post your fastlane upload lane here and I will write you the additonal part.

Bright Ran-MSFT · Answer 2 · 2021-03-16T07:09:20.283

2

How about setting all of the three variables to be environment variables?

FASTLANE_PASSWORD
FASTLANE_APPLE_APPLICATION_SPECIFIC_PASSWORD
FASTLANE_SESSION

In addition, please note that, unlike the normal pipeline variables, the secret pipeline variables will not be automatically mapped as environment variables on the agents during the pipeline running. You need to explicitly map secret variables to be environment variables. For details, see "Set secret variables".

[UPDATE]

The FASTLANE_PASSWORD should be the password of your iCloud account (or App Store Connect account). However usually it is not necessary in CI/CD pipeline.

You can try the following command line:

fastlane spaceauth -u <your-email-address>

This command line can generate a login session for your Apple ID in advance. Then you need to store the generated value inside the FASTLANE_SESSION environment variable on the agent machine.

To view more details, you can see "Storing a manually verified session using spaceauth".

edited Mar 16 '21 at 07:09

answered Mar 15 '21 at 02:55

Bright Ran-MSFT

5,190
1
5
12

where can I get FASTLANE_PASSWORD`? is that app store password that I need to use? – Ragesh Pikalmunde Mar 15 '21 at 05:39
Hi @RageshPikalmunde, I have updated my answer with more information. Please check with it. – Bright Ran-MSFT Mar 16 '21 at 06:42
Thank you for the answer...I created the `FASTLANE_SESSION` and it's working now, though I doubt that all 3 needs to be set up in the environment variable just `FASTLANE_SESSION` should work. I will check and let you know. – Ragesh Pikalmunde Mar 16 '21 at 12:10
Hi @RageshPikalmunde, you're welcome. Any update, feel free to tell us. – Bright Ran-MSFT Mar 17 '21 at 07:17
Hi @RageshPikalmunde, how are things going? Does `FASTLANE_SESSION` work for you? – Bright Ran-MSFT Mar 24 '21 at 06:23
yes it works, but `FASTLANE_SESSION ` is expiring in 1 or 2 days so I had to create a new one, I am trying to implement things with `apple connect API` so that problem will be solved permentaly https://docs.fastlane.tools/app-store-connect-api/ – Ragesh Pikalmunde Mar 24 '21 at 07:11
Hi @RageshPikalmunde, please go ahead. – Bright Ran-MSFT Mar 25 '21 at 07:10

score 1 · Answer 3 · answered Mar 17 '21 at 20:34

1

Most probably the FASTLANE_SESSION is not valid anymore, so you need to create a new: https://docs.fastlane.tools/best-practices/continuous-integration/

Recommended way is to use the App Store Connect API, so you do not need 2FA and do not need to recreate fastlane session: https://docs.fastlane.tools/app-store-connect-api/

You need to set key_id, issuer_id and key once (the key can be stored as a String) and no need to change it ever.

The Account Holder must give you access to the App Store Connect API.

answered Mar 17 '21 at 20:34

Nemanja Filipovic

206
1
3

can you please tell me how and where to add that `key_id, issuer_id` and `key` in azure DevOps? – Ragesh Pikalmunde Mar 22 '21 at 06:27
@RageshPikalmunde Under the ApplStoreRelease task in your AzureDevOps you need to change your auth method to `App Store Connect API Key`. Once you changed that, you'll see this 3 fields show up – Tommy Leong Mar 03 '22 at 13:56

score 1 · Answer 4 · answered Mar 28 '21 at 09:53

1

There are few solutions, but you can use pipeline variables for instance.

Name: key_id Value: <You will find this in AppStoreConnect>

Name: issuer_id Value: <You will find this in AppStoreConnect>

Name: key Value: <Open the .p8 Certificate in editor and add '\n' for every newline>

answered Mar 28 '21 at 09:53

Nemanja Filipovic

206
1
3

Name: `key` Value: `` I am confused about this, like where exactly this .p8 file needs to be uploaded and how to access it, can you please explain? – Ragesh Pikalmunde Apr 04 '21 at 09:51

2 Factor Authentication in CI-CD process for app store in azure DevOps

4 Answers4