Can p8 Key be shared in any way?

Hello. I have a very practical problem. A company would like me to develop an iOS app for them, and my counterpart is their company's marketing team. They want me to use their Firebase account for multiple purposes, but as they are a marketing team, not an IT team, they do not have an Apple Developer account.

So in this peculiar case, as I am the developer of the app, it seems they will need my p8 key to be placed in their Firebase account in order for push notifications to work. But I have a concern, as the p8 key sounds like something private which I should not share with others.

Can anyone share with me what I should do in this very practical case? Is a p8 key supposed to be shareable with others? I have tried to google this topic but I don't have any answers. I have even tried to ask on Stack Overflow, but an admin over there said this question is opinion-based and closed my thread.

Replies

The p8, as with any credentials, should not be shared. How this will affect the lives of both parties will depend on the ongoing relationship between them.

First of all, who is going to be publishing the app? Is it you? In your name? Must be, if they don't have a developer account. Many problems will arise:

  • Do you have any other apps you are publishing on your own, or for other clients? Whoever holds the p8 will have the right and ability to send any kind of notifications to any of the apps you publish under your account. Do you trust them to not do this? Will you trust them in 5 years?
  • Similarly for them, what if you have a falling out, or even decide you are quitting development and will move to a small island to become a fisherman? What will they do? Once your account expires, the p8 is no good to them, and now they are stuck.

You asked for practical cases where this is a bad idea, and here they are.

The correct way for this to be done is for them to make a developer account and add you as a trusted Developer, so you can build the app under their account and upload the app to the App Store as such. You might need higher access to create App IDs, profiles, certificates and keys, etc., so they can either trust you and add you as an Admin, or do it themselves with your guidance.