Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

sign.toml Reference

sign.toml is the configuration file for cargo-codesign. It maps platform signing settings to environment variable names.

File location

cargo-codesign looks for config in this order:

  1. --config <PATH> flag (explicit)
  2. ./sign.toml (project root)
  3. ./.cargo/sign.toml (fallback)

If both ./sign.toml and ./.cargo/sign.toml exist, ./sign.toml wins and a warning is emitted.

Full example

# sign.toml — cargo-codesign configuration
# Generate with: cargo codesign init (coming soon)

[macos]
identity = "Developer ID Application"
entitlements = "entitlements.plist"
auth = "api-key"    # "api-key" (CI) or "apple-id" (local/indie)

[macos.dmg]
background = "assets/dmg-background.png"
window-size = [660, 400]
icon-size = 128
app-position = [160, 200]
app-drop-link = [500, 200]

[macos.env]
# api-key mode
certificate          = "MACOS_CERTIFICATE"
certificate-password = "MACOS_CERTIFICATE_PASSWORD"
notarization-key     = "APPLE_NOTARIZATION_KEY"
notarization-key-id  = "APPLE_NOTARIZATION_KEY_ID"
notarization-issuer  = "APPLE_NOTARIZATION_ISSUER_ID"
# apple-id mode
apple-id     = "APPLE_ID"
team-id      = "APPLE_TEAM_ID"
app-password = "APPLE_APP_PASSWORD"

[windows]
timestamp-server = "http://timestamp.acs.microsoft.com"

[windows.env]
tenant-id      = "AZURE_TENANT_ID"
client-id      = "AZURE_CLIENT_ID"
client-secret  = "AZURE_CLIENT_SECRET"
endpoint       = "AZURE_SIGNING_ENDPOINT"
account-name   = "AZURE_SIGNING_ACCOUNT_NAME"
cert-profile   = "AZURE_SIGNING_CERT_PROFILE"

[linux]
method = "cosign"     # cosign | minisign | gpg

[linux.env]
key = "COSIGN_PRIVATE_KEY"

[update]
public-key = "update-signing.pub"

[update.env]
signing-key = "UPDATE_SIGNING_KEY"

[status]
cert-warn-days = 60
cert-error-days = 7

Sections

[macos]

FieldTypeDefaultDescription
identitystring"Developer ID Application"Signing identity substring
entitlementspathnonePath to entitlements plist
auth"api-key" or "apple-id"requiredNotarization auth mode

[macos.dmg]

Optional. When present, the DMG gets a styled installer window with a background image and positioned icons. When absent, a plain DMG is created.

FieldTypeDescription
backgroundpathBackground image (PNG recommended). Relative to the directory where cargo codesign runs.
window-size[width, height]Finder window size in pixels, e.g. [660, 400].
icon-sizeintegerIcon size in the Finder window (px), e.g. 128.
app-position[x, y]Position of the .app icon in the window.
app-drop-link[x, y]Position of the Applications symlink icon.

All fields are required when the section is present. See DMG Styling for a complete walkthrough.

[macos.env]

Maps credential fields to environment variable names. Which fields are required depends on the auth mode:

apple-id mode:

FieldRequiredDescription
apple-idyesEnv var for Apple ID email
team-idyesEnv var for team ID
app-passwordyesEnv var for app-specific password

api-key mode:

FieldRequiredDescription
certificateyesEnv var for base64 .p12 certificate
certificate-passwordyesEnv var for .p12 password
notarization-keyyesEnv var for base64 .p8 API key
notarization-key-idyesEnv var for API key ID
notarization-issueryesEnv var for issuer ID

[windows]

FieldTypeDefaultDescription
timestamp-serverstringnoneTimestamp server URL

[windows.env]

FieldDescription
tenant-idAzure tenant ID
client-idAzure client ID
client-secretAzure client secret
endpointAzure signing endpoint
account-nameAzure signing account name
cert-profileAzure certificate profile

[linux]

FieldTypeDescription
method"cosign", "minisign", or "gpg"Signing method

[linux.env]

FieldDescription
keySigning key env var

[update]

FieldTypeDescription
public-keypathPath to public key file

[update.env]

FieldDescription
signing-keyEnv var for base64 Ed25519 private key

[status]

FieldTypeDescription
cert-warn-daysintegerWarn when cert expires within N days
cert-error-daysintegerError when cert expires within N days

Strict parsing

All sections use deny_unknown_fields — typos in field names cause a clear parse error rather than being silently ignored.