In our company, many developers need to use distribution certificate to sign in-house apps. We refer the URL https://help.apple.com/xcode/mac/current/#/dev154b28f09 to export the signing certificate and import it to developers' Mac computers. How can we prevent our developers to export the signing certificate in their Mac computers? Or could we configure a password to protect the signing certificate which can't be exported?
The best solution is to have a trusted build engineer or engineers (fewer or one is better) who will build and sign the final version of the applications for distribution. If your distributed eningeers can get to the certificate and private key to sign the app, they can share the credentials.