Apple developer certs - what to back up

Question

I'm new to iOS development. I know this has been asked so many times, but I'm still confused. We created a new developer.apple.com organization and I have invited my personal Apple ID as an admin, then registered my personal Apple ID within Xcode. From there I opened Team -> "View Details". To create the signing identities, I simply clicked "Create" next to iOS Development and iOS Distribution. Xcode did all the work and I never created a certificate signing request.

We now have a iOS Development (in my name) and Distribution (in the company name) certificates. I have created an App ID and a provisioning profile for wildcard (development) and explicit app ID (distribution).

Now my question is - what do I need to back up from my Keychain and why? It seems I can just re-download everything I need from developer.apple.com. For fun, after doing all this, I deleted the iPhone Developer / iPhone Distribution certs from my keychain, after backing them up, just to see what would happen. Restarting Xcode -> Accounts -> Team -> "View Details" -> "Download All" seemed to download the same private keys I just deleted from my Keychain, which is good.

That suggests to me it's not really important that I back those up. I've heard some say that you absolutely must back up the CSR, but since I never created one, I'm rather confused. My assumption is that Xcode automatically created a transient CSR which I have no access to. The manual CSR route also creates a public and private key pair in your Keychain, and some say to back those up for sure. Since I didn't create a CSR, I only have a cert and private key. No public key was created / registered by Xcode.

If my machine spontaneously combusts, it seems I don't need to recover anything from a backup. Just install xcode, add my Apple ID, and use Download All to retrieve the certs / private keys. Is there something I am missing? I have Time Machine backups to recover from, but I'm curious which assets I should preserve so the rest of our organization can continue to update the app should I, or my computer, vaporize.

Answer 1

You don't need to back up anything. Instead, if you lose your private key or other unrecoverable bits of your developer profile, you can reset everything and create all-new keys, certificates, etc. for your account and revoke the old ones.

You can back everything up if you want, and it's easy. In Xcode's Account Preferences, export your developer profile to a file and back up that file. The profile is encrypted for safety and includes things you cannot re-download from the Apple Developer Center like your private key. You can use this as a backup, and also to easily set up your developer account(s) on multiple Macs.

To export your profile, open the Accounts tab of Xcode's preferences. Click the ⋯⃝ (three dots in a circle icon) in the bottom left area and choose “Export Apple ID and Code Signing Assets…”.

(In older versions of Xcode, the icon was a gear and the menu item was “Export Developer Accounts…”).

Answer 2

what do I need to back up from my Keychain and why?

Nothing. In a worst case scenario everything can be retrieved / regenerated from the Member Center. Just don't forget your Apple ID and password.