iOS Configuration

Managing Apple credentials and key rotation for the iOS app.

This page covers the Apple credentials used for Sign in with Apple and push notifications: where the secrets live and how to rotate them.

Sign in with Apple

The Sign in with Apple private key (.p8) and associated metadata are stored in 1Password under Trainstack / Apple Sign In. The backend needs a client secret JWT derived from this key. The JWT expires every 180 days and needs periodic rotation.

Rotating the Client Secret

bun tooling/oadev/src/index.ts rotate-apple-auth-secret

This reads the key from 1Password, generates a fresh 180-day JWT, and sets it in Pulumi config (apple-client-secret). Then deploy:

cd infra && pulumi up

The key itself doesn't expire

The .p8 private key is permanent. Only the JWT derived from it needs regeneration every ~6 months.
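
A pre-expiry check for the client secret described above, as an added example that is not part of the project's tooling: it decodes the JWT's claims (without verifying the signature) and flags when rotation is due. The function names, the 30-day warning window and the placeholder identifiers are assumptions; the audience value and the 15777000-second lifetime cap are Apple's documented requirements for this JWT.

```typescript
// Added example: inspects claims only; it does not verify the ES256 signature.
const APPLE_AUD = "https://appleid.apple.com";
const APPLE_MAX_LIFETIME_S = 15777000; // Apple's cap on exp, about six months
const DAY_S = 86400;

interface SecretStatus {
  daysLeft: number;   // whole days until exp; negative once expired
  problems: string[]; // claim issues that would make Apple reject the secret
  rotate: boolean;    // true when rotation should run now
}

// Decode one base64url JWT segment. atob is a global in Bun and in Node 16+.
function decodeSegment(seg: string): any {
  return JSON.parse(atob(seg.replace(/-/g, "+").replace(/_/g, "/")));
}

// warnDays is an assumed warning window, not a value from the page.
function checkClientSecret(jwt: string, nowS: number, warnDays = 30): SecretStatus {
  const parts = jwt.split(".");
  if (parts.length !== 3) {
    return { daysLeft: 0, problems: ["not a three-part JWT"], rotate: true };
  }
  const header = decodeSegment(parts[0]);
  const claims = decodeSegment(parts[1]);
  const problems: string[] = [];
  if (header.alg !== "ES256") problems.push("alg is not ES256");
  if (!header.kid) problems.push("missing kid header");
  if (claims.aud !== APPLE_AUD) problems.push("unexpected aud");
  if (typeof claims.iat !== "number" || typeof claims.exp !== "number") {
    problems.push("iat/exp missing");
    return { daysLeft: 0, problems, rotate: true };
  }
  if (claims.exp - claims.iat > APPLE_MAX_LIFETIME_S) problems.push("lifetime exceeds Apple's cap");
  const daysLeft = Math.floor((claims.exp - nowS) / DAY_S);
  return { daysLeft, problems, rotate: problems.length > 0 || daysLeft < warnDays };
}

// Constructed sample token with placeholder identifiers and a dummy signature.
function sampleSecret(iat: number, lifetimeDays: number): string {
  const enc = (o: object): string =>
    btoa(JSON.stringify(o)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  const header = { alg: "ES256", kid: "KEYID_PLACEHOLDER" };
  const claims = { iss: "TEAMID_PLACEHOLDER", sub: "com.example.app", aud: APPLE_AUD,
                   iat, exp: iat + lifetimeDays * DAY_S };
  return [enc(header), enc(claims), "constructed-signature"].join(".");
}

const issued = 1700000000; // constructed issue time
console.log(checkClientSecret(sampleSecret(issued, 180), issued + 160 * DAY_S));
```

Running a check like this on a schedule against the deployed apple-client-secret value gives warning before sign-in starts failing, rather than after the 180 days have passed.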

Push Notifications (APNs)

Planned Feature

APNs key setup and Expo push credential configuration.
