Right now we use an Apple ID and app-specific password to notarize our application with Apple. This unnecessarily ties our builds to the permissions of an individual developer. If their permissions are reduced it could break notarization; if their permissions are increased it means our credentials are more powerful than they need to be.
notarytool can be configured to use an API key on the command line: https://keith.github.io/xcode-man-pages/notarytool.1.html#App
We also need an admin of our Apple Account to generate the key and add it to the GitHub Actions secrets.
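One way a CI step could authenticate `notarytool` with an API key, added here as an example that is not part of the original issue or the project's workflow. The secret names `NOTARY_KEY_P8_B64`, `NOTARY_KEY_ID` and `NOTARY_ISSUER_ID` are hypothetical; `--key`, `--key-id` and `--issuer` are notarytool's own options.

```shell
# Assumed (hypothetical) secrets, exposed to the job as environment variables:
#   NOTARY_KEY_P8_B64  base64 of the .p8 private key generated by the account admin
#   NOTARY_KEY_ID      key ID of that API key
#   NOTARY_ISSUER_ID   issuer UUID of the team

# Fail early, naming the missing secret but never echoing a value.
check_notary_env() {
  notary_missing=0
  [ -n "${NOTARY_KEY_P8_B64:-}" ] || { echo "missing secret: NOTARY_KEY_P8_B64" >&2; notary_missing=1; }
  [ -n "${NOTARY_KEY_ID:-}" ]     || { echo "missing secret: NOTARY_KEY_ID" >&2; notary_missing=1; }
  [ -n "${NOTARY_ISSUER_ID:-}" ]  || { echo "missing secret: NOTARY_ISSUER_ID" >&2; notary_missing=1; }
  return "$notary_missing"
}

# Decode the key into a private temp directory (file mode 0600) and print its path.
write_notary_key() {
  notary_dir=$(mktemp -d) || return 1
  notary_key="$notary_dir/AuthKey.p8"
  ( umask 077; printf '%s' "$NOTARY_KEY_P8_B64" | base64 --decode > "$notary_key" ) \
    || { rm -rf "$notary_dir"; return 1; }
  # A truncated or mis-pasted secret should stop the build here, not at Apple's API.
  grep -q 'BEGIN PRIVATE KEY' "$notary_key" \
    || { echo "decoded secret is not a PEM private key" >&2; rm -rf "$notary_dir"; return 1; }
  printf '%s\n' "$notary_key"
}

# Submit an artifact using only the team API key; no Apple ID or app-specific password.
notarize() {
  check_notary_env || return 1
  notary_path=$(write_notary_key) || return 1
  notary_status=0
  xcrun notarytool submit "$1" \
    --key "$notary_path" \
    --key-id "$NOTARY_KEY_ID" \
    --issuer "$NOTARY_ISSUER_ID" \
    --wait || notary_status=$?
  # Remove the key from the runner whether or not the submission succeeded.
  rm -rf "$(dirname "$notary_path")"
  return "$notary_status"
}

# Usage in the build step (artifact path is a placeholder):
#   notarize path/to/App.zip
```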