indygreg / apple-platform-rs

Rust crates supporting Apple platform development

Is App Store Connect API Key necessary/not replacable for notary-submit? #139

Closed Yuuon closed 4 months ago

Yuuon commented 4 months ago

We're trying to make an automated build pipeline in which everything is on Linux. It's nice to have this tool to do the mac notarization on Linux, but I have some questions about notarization.

So from the document, it says that it needs an "App Store Connect API Key", which contains the 3 components. What confuses me is the "PEM encoded ECDSA private key" -- I'm asking around in my team if anyone knows this, but before I get the answer, I've noticed that there is something different from what I'm doing.

Currently I manually notarize a signed app on Mac with the command below:

xcrun notarytool submit application.zip \
--apple-id "[user_id_for_login_apple]" \
--team-id "[the_ten_character_and_number_after_team_name]" \
--password "[sixteen_character_divided_by_4_with_-]" \
-v -f "json" \
--wait

And this works.

I'm not sure whether this is related, but we don't need to publish our app on App store, so we're using "Developer ID Application" certification to code sign the app.

So I'm wondering, for rcodesign, is there anything equivalent to what I'm doing on Mac, which doesn't need that "PEM encoded ECDSA private key"?

roblabla commented 4 months ago

Apple has access to internal APIs, which is likely what they're using here. For us we have to use the official Notary API, which mandates the use of App Store Connect API Keys. It doesn't matter whether you're publishing on the AppStore or not. So no, there's no way to do that, at least not without using private APIs, which I think we'd rather avoid if we can.

Check out our documentation on how to create an AppStore Connect API Key.
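
Added example, not part of the thread and not rcodesign code: a pre-flight check a Linux pipeline could run on the "PEM encoded ECDSA private key" before attempting a submission. It assumes the key is an unencrypted PKCS#8 block holding a P-256 key (App Store Connect API tokens are signed with ES256); the function names and the sample key are constructed for illustration.

```python
import base64
import re

OID_EC_PUBLIC_KEY = bytes.fromhex("2a8648ce3d0201")   # 1.2.840.10045.2.1
OID_PRIME256V1 = bytes.fromhex("2a8648ce3d030107")    # 1.2.840.10045.3.1.7 (P-256)

def der(tag, value):
    # Encode one DER element; short-form length only, enough for the sample.
    return bytes([tag, len(value)]) + value

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated element")
    return tag, buf[pos:pos + length], pos + length

def check_key_pem(pem):
    """Return a list of problems with the PEM text; an empty list means usable."""
    m = re.search(r"-----BEGIN ([A-Z ]+)-----(.+?)-----END \1-----", pem, re.S)
    if not m:
        return ["no PEM block found"]
    if m.group(1) != "PRIVATE KEY":
        return [f"expected PKCS#8 'PRIVATE KEY' block, found '{m.group(1)}'"]
    try:
        raw = base64.b64decode("".join(m.group(2).split()), validate=True)
        _, info, _ = read_tlv(raw)           # PrivateKeyInfo SEQUENCE
        _, _, pos = read_tlv(info)           # version INTEGER
        _, alg, _ = read_tlv(info, pos)      # AlgorithmIdentifier SEQUENCE
        _, alg_oid, pos = read_tlv(alg)
        curve_oid = read_tlv(alg, pos)[1] if pos < len(alg) else b""
    except (ValueError, IndexError) as exc:
        return [f"not valid PKCS#8 DER: {exc}"]
    if alg_oid != OID_EC_PUBLIC_KEY:
        return ["key is not an EC key"]
    if curve_oid != OID_PRIME256V1:
        return ["EC key is not on the P-256 curve"]
    return []

def sample_pem(curve_oid=OID_PRIME256V1, label="PRIVATE KEY"):
    """Constructed sample: PKCS#8 wrapper around a fixed, non-secret scalar."""
    ec_key = der(0x30, der(0x02, b"\x01") + der(0x04, bytes(range(1, 33))))
    alg = der(0x30, der(0x06, OID_EC_PUBLIC_KEY) + der(0x06, curve_oid))
    body = base64.encodebytes(der(0x30, der(0x02, b"\x00") + alg + der(0x04, ec_key)))
    return f"-----BEGIN {label}-----\n{body.decode()}-----END {label}-----\n"
```

Running `check_key_pem` on the contents of the key file in CI turns a wrong file (an RSA key, a certificate, an encrypted key) into a clear local error instead of a failed submission.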

Yuuon commented 4 months ago

Okay, got it. Thanks for the answer.