Comparison
HexSign vs Codemagic
Codemagic is a Flutter-first CI/CD platform that includes automatic iOS code signing as part of the build pipeline, generating or fetching certificates and provisioning profiles via the App Store Connect API at build time. HexSign is a dedicated dashboard for the certificate and profile lifecycle, independent of any specific CI provider.
TL;DR
- Codemagic's signing exists to feed builds. HexSign tracks signing assets across their entire lifecycle.
- Certificate revocation is not done inside Codemagic; the docs send you to Apple's portal. HexSign revokes from the dashboard.
- Codemagic has no documented relationship graph or first-party expiration alerts outside of build failures.
- HexSign works alongside any CI (Codemagic, Bitrise, GitHub Actions, Xcode Cloud) through the App Store Connect API.
Where teams hit friction
Common pain points with Codemagic
Why teams pick HexSign
What HexSign adds on top of Codemagic
Live relationship graph
An interactive graph linking certificates, provisioning profiles, bundle IDs, and devices. Click any node to see its dependencies and the blast radius of revoking or rotating it.
Expiration alerts before things break
Email and Slack webhook alerts at thresholds you choose (7, 14, 30, 60, 90 days). Send a test alert before enabling delivery, so there are no surprise expirations during a release.
Health score & expiring items
A 0–100% health score across every Apple account you connect, plus an expiring-items panel that surfaces what to act on first. No CLI invocation required.
Guided provisioning profile wizard
A step-by-step wizard picks the right profile type, identifier, signing certificate, and devices, then generates the profile through Apple's API. No portal tab-switching.
Multi-account dashboard
Connect one or many Apple Developer team accounts. Each syncs independently with its own status and error reporting, all visible from a single dashboard.
Audit logs, RBAC & MFA
Owner / Admin / Member roles, per-user auth activity log, and MFA via SMS or TOTP authenticator apps. Every certificate, profile, device, and identifier change is logged.
Side-by-side
HexSign vs Codemagic, feature by feature
HexSign | Codemagic | |
|---|---|---|
| Approach | ||
| Primary purpose | Apple Developer asset dashboard | CI/CD platform with code signing |
| Standalone of CI | Tied to build pipelines | |
| Setup | Add an ASC API key | Configure project + ASC API key |
| Open-source CLI | codemagic-cli-tools (open source) | |
| Asset Management | ||
| Certificate generation | Yes (during build) | |
| Certificate revocation | Done in Apple Developer Portal | |
| Profile creation | Yes, via wizard | Yes, automatic |
| Profile regeneration | Manual re-upload | |
| Manual cert/profile upload | Yes (.p12 + .mobileprovision) | |
| Bundle ID & capability management | Via Apple Developer Portal | |
| CSR generation with KMS-encrypted private key | ||
| Visibility & Monitoring | ||
| Relationship graph | ||
| Health score dashboard | ||
| Multi-account dashboard | Per-team Developer Portal integrations | |
| Audit perspective | Asset lifecycle | Build-centric |
| Alerts | ||
| Cert/profile expiration alerts (email) | Yes, custom thresholds | Not documented |
| Slack alerts for expiry | Build notifications only | |
| Team & Security | ||
| Role-based access control | Owner / Admin / Member | Team admin permissions |
| Multi-factor authentication | TOTP / SMS | Account-level |
| Audit logs | Build-centric | |
| Pricing | ||
| Free tier | ||
| Free trial | 7 days | |
| Enterprise plan | From $12,000/yr (SSO, SLAs) | |
FAQ
Questions about HexSign vs Codemagic
Other comparisons
Beyond Codemagic: more HexSign comparisons
Ready?
Move past Codemagic with HexSign
Connect your App Store Connect API key and get full visibility in minutes. No rip-and-replace required.