Upload your app’s signing key to be used for re-signing binaries for rollback releases.

We take security seriously and have a robust system in place for keeping your signing keys safe. Signing keys are encrypted both in transit and while at rest and, once uploaded, they are inaccessible from the open internet – our signing server sits in a virtual private cloud (VPC).

Signing keys are exclusively used for re-signing binaries – during this process, the signing key of the original binary is checked and must match the signing key being used for re-signing. This means that signing keys can never be used to sign a binary that wasn’t previously signed with the same signing key.