Export and sign your UPM package

Export and sign your Unity Package Manager (UPM) package so you can share it with others.

Starting with Unity 6.3, publishers can sign their package directly from the Package Manager window or by using command line arguments.

When you sign a package, you must associate it with one of your organizations, so package consumers can quickly determine who created and owns it.

The only packages you can sign are packages that have the Custom or Local label in the Package Manager window:

A Custom label appears on packages you’re developing or customizing in the Packages folder of your project.
A Local label appears on packages you installed with the Package Manager’s Install package from disk method, or package folders you reference as dependencies in your project manifest file.

Use the following procedures to export and sign your UPM packageA Package managed by the Unity Package Manager. Refer to Packages.
See in Glossary with the Package Manager window or command line arguments.

Sign a package from the Package Manager window

To sign a package from the Package Manager window:

Make sure you’re signed in to the Unity Hub.
Open the Package Manager Window.
Select the package you want to sign.
Select Export.

The Package Manager window with the Export button for an editable package

Note: Another way to access the export dialog is with the menus. Go to the Project window and select the base folder for your package in the Packages folder. Open the Assets menu (or right-click your package folder) and select Export as UPM Package.
In the Export Package dialog that appears, open the Authoring Org menu and select the organization you want to associate this package with.
Select a location to store the signed package and select Select Folder (Windows) or Choose (macOS).

Note: If the package already exists in that location, a warning message prompts you to confirm overwriting the file.
When the export process completes, your file management application opens at the location you specified, showing you the newly created file. A confirmation message also displays in the Console window.

The export operation creates a tarball file (.tgz), which is a compressed archive file. This tarball file contains an encrypted file (.attestation.p7m), which contains the package signature.

Refer to Share your package for information about distributing this tarball file to others.

Sign a package using command line arguments

If you publish packages using continuous integration (CI), you can sign your package from the command line.

To gather your organization’s Organization ID and sign your package from the command line:

If the project that uses the package you want to sign is open, close the Unity Editor.
Go to the Unity Cloud Dashboard (https://cloud.unity.com/account/my-organizations) and select the organization you want to use to sign your package.

Note: You can also select the link for your account in the top right corner of the dashboard and select Switch organization for the intended organization, then open the menu again and select Manage organization.
From the My organizations page (or the Organization Settings page), locate the Organization ID field.
Copy the Organization ID value.
Open a command prompt window.
Change directories to the location of your Unity Editor. For more information, refer to Unity Editor command line arguments and Locate the Editor program file.
Input the following command, replacing the placeholder values represented by angled brackets:

Windows

Unity.exe -batchmode -username <your_username> -password <your_password> \
    -upmPack <path_to_package_folder> <path_to_tarball> \
    -cloudOrganization <your_organization_id>

macOS

Unity.app/Contents/MacOS/Unity -batchmode -username <your_username> -password <your_password> \
    -upmPack <path_to_package_folder> <path_to_tarball> \
    -cloudOrganization <your_organization_id>

Parameter to replace	Description
`<your_username>`	The username you use to sign in to the Unity Hub or Unity Editor.
`<your_password>`	The password you use to sign in to the Unity Hub or Unity Editor.
`<path_to_package_folder>`	The fully qualified path to the folder that contains the `package.json` file for the package you want to sign. Note: Don’t include `package.json` in this parameter value.
`<path_to_tarball>`	The output path where you want to save the signed tarball file (`.tgz`). Note: If the folder doesn’t exist, the command creates it for you.
`<your_organization_id>`	The Organization ID you copied from the Unity Cloud Dashboard.

The output tarball file contains an encrypted file (.attestation.p7m), which contains the package signature.

Refer to Share your package for information about distributing this tarball file to others.

Additional information

Document your package

Share your package

Unity Manual

Export and sign your UPM package

Sign a package from the Package Manager window

Sign a package using command line arguments

Windows

macOS

Additional information