APN service private keys - dealing with the 2-key limit

In my organization we prevent any production-use private credentials from being used in a developer environment. This creates a challenge with APNs keys, because their apparent intended use is a single key across all apps of the org, with the 2nd allowed key being only for the key-rotation use case.

One idea I have to satisfy all concerns is to take advantage of the two key limit in a slightly different way:

  • Generate the maximum two keys, and use one for dev environments and one for prod environments (with the key being secured according to our policies so that developers never get to see it).
  • If we need to revoke the prod key at any point, we revoke the dev key, regenerate it and make that one the new prod key. Likewise, once that key is deployed in prod, revoke the old prod key and make that the new dev key.

Does this seem like a viable approach? Are there any better ways to achieve a fully isolated setup where the production APNs key doesn't appear on a developer environment?

So, the idea I propose above isn't particularly viable, since we'd still be left with a key in the dev environment that can be used to send production pushes.

So, what are the options here for isolating production keys? This seems like a very odd decision by Apple to not provide the ability to create a key that can only be used for sandbox pushes, unless I'm missing something.
