# 🔐 Generating `TAURI_SIGNING_PRIVATE_KEY` for Tauri Tauri uses a signing key to ensure the integrity and authenticity of application bundles and updates. Here's how to generate and use `TAURI_SIGNING_PRIVATE_KEY`. --- ## 1. 📌 What is `TAURI_SIGNING_PRIVATE_KEY`? It is an environment variable used to sign your Tauri app's bundles and update artifacts. Tauri also supports `TAURI_SIGNING_PRIVATE_KEY_PASSWORD` if your key is password-protected. --- ## 2. 🛠 Generate the Signing Key Pair Use the Tauri CLI to generate a new signing key pair: ```bash # macOS/Linux npm run tauri signer generate -- -w ~/.tauri/myapp.key # Windows (PowerShell) npm run tauri signer generate -- -w $HOME/.tauri/myapp.key ``` This creates two files: - `myapp.key` → Your **private key** (keep it safe!) - `myapp.key.pub` → Your **public key** (embed this in your Tauri config) --- ## 3. 🔧 Embed Public Key in `tauri.conf.json` Include the public key in your config file like so: ```json { "plugins": { "updater": { "pubkey": "insert_contents_of_myapp.key.pub_here" } } } ``` --- ## 4. ✅ Use the Private Key in CI or Locally You can set the private key either as a file path or directly as a string. ### 🗂 Option A: Use File Path ```bash export TAURI_SIGNING_PRIVATE_KEY=~/.tauri/myapp.key export TAURI_SIGNING_PRIVATE_KEY_PASSWORD="yourPassword" # optional npm run tauri build ``` ### 📄 Option B: Inline Key in CI ```yaml env: TAURI_SIGNING_PRIVATE_KEY: | -----BEGIN PRIVATE KEY----- ... -----END PRIVATE KEY----- TAURI_SIGNING_PRIVATE_KEY_PASSWORD: "yourPassword" # optional ``` --- ## 5. 🚀 Build Run the build as usual: ```bash npm run tauri build ``` The Tauri CLI will use the provided key to sign the app and any update artifacts automatically. --- ## ✅ Summary 1. Use `tauri signer generate -- -w <path>` to create the keypair. 2. Embed the `.key.pub` in `tauri.conf.json`. 3. Set `TAURI_SIGNING_PRIVATE_KEY` and optional `TAURI_SIGNING_PRIVATE_KEY_PASSWORD`. 4. Run `tauri build` to sign and package your app. ---