Skip to content
Latchkey

Tauri macOS "signingIdentity ... not found" in CI

Tauri code-signs the macOS app with the identity from macOS.signingIdentity or APPLE_SIGNING_IDENTITY. On an ephemeral runner the keychain has no such certificate, so signing fails.

What this error means

tauri build fails with "Failed to detect any signing identity" or "The specified item could not be found in the keychain" for the configured signingIdentity.

tauri
Error failed to bundle project: failed to run codesign:
error: The specified item could not be found in the keychain.
signingIdentity "Developer ID Application: Acme (TEAMID)" not found

Common causes

The certificate is not imported

No Developer ID Application certificate is in the runner keychain, so the configured identity cannot be matched.

The signing env vars are unset

APPLE_CERTIFICATE / APPLE_CERTIFICATE_PASSWORD / APPLE_SIGNING_IDENTITY are not provided, so Tauri has nothing to import or select.

How to fix it

Provide the certificate via Tauri env vars

Pass the base64 .p12, its password, and the identity name as secrets so Tauri imports and selects it.

.github/workflows/ci.yml
env:
  APPLE_CERTIFICATE: ${{ secrets.APPLE_CERT_P12_BASE64 }}
  APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERT_PASSWORD }}
  APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }}

Match the identity string exactly

The signingIdentity must match the certificate common name verbatim, including the team id in parentheses.

tauri.conf.json
"macOS": { "signingIdentity": "Developer ID Application: Acme (TEAMID)" }

How to prevent it

  • Inject the .p12 as a base64 secret with its password.
  • Keep the signingIdentity string matching the certificate name.
  • Use a temporary keychain created and removed per job.

Related guides

Tired of flaky CI? Latchkey auto-heals failed jobs and retries them for you. Start free →