fix: fix leftover inconsistent env var in tauri signer sign command (#14759)

amrbashir · web-flow · commit 84b04c4a8d33 · 2026-01-11T20:37:52.000+02:00
diff --git a/.changes/signing-env-vars.md b/.changes/signing-env-vars.md
@@ -0,0 +1,14 @@
+---
+"tauri-cli": patch:enhance
+"@tauri-apps/cli": patch:enhance
+---
+
+Added new environment variables for `tauri signer sign` command, to align with existing environment variables used in `tauri build`, `tauri bundle` and `tauri signer generate`
+- `TAURI_SIGNING_PRIVATE_KEY`
+- `TAURI_SIGNING_PRIVATE_KEY_PATH`
+- `TAURI_SIGNING_PRIVATE_KEY_PASSWORD`
+
+The old environment variables are deprecated and will be removed in a future release.
+- `TAURI_PRIVATE_KEY`
+- `TAURI_PRIVATE_KEY_PATH`
+- `TAURI_PRIVATE_KEY_PASSWORD`
diff --git a/crates/tauri-cli/src/signer/generate.rs b/crates/tauri-cli/src/signer/generate.rs
@@ -39,26 +39,29 @@ pub fn command(mut options: Options) -> Result<()> {
       save_keypair(options.force, output_path, &keypair.sk, &keypair.pk)
         .expect("Unable to write keypair");
 
-    println!(
-        "\nYour keypair was generated successfully\nPrivate: {} (Keep it secret!)\nPublic: {}\n---------------------------",
-        display_path(secret_path),
-        display_path(public_path)
-        )
+    println!();
+    println!("Your keypair was generated successfully:");
+    println!("Private: {} (Keep it secret!)", display_path(secret_path));
+    println!("Public: {}", display_path(public_path));
+    println!("---------------------------")
   } else {
-    println!(
-      "\nYour secret key was generated successfully - Keep it secret!\n{}\n\n",
-      keypair.sk
-    );
-    println!(
-          "Your public key was generated successfully:\n{}\n\nAdd the public key in your tauri.conf.json\n---------------------------\n",
-          keypair.pk
-        );
+    println!();
+    println!("Your keys were generated successfully!",);
+    println!();
+    println!("Private: (Keep it secret!)");
+    println!("{}", keypair.sk);
+    println!();
+    println!("Public:");
+    println!("{}", keypair.pk);
   }
 
-  println!("\nEnvironment variables used to sign:");
-  println!("`TAURI_SIGNING_PRIVATE_KEY`  Path or String of your private key");
-  println!("`TAURI_SIGNING_PRIVATE_KEY_PASSWORD`  Your private key password (optional)");
-  println!("\nATTENTION: If you lose your private key OR password, you'll not be able to sign your update package and updates will not work.\n---------------------------\n");
+  println!();
+  println!("Environment variables used to sign:");
+  println!("- `TAURI_SIGNING_PRIVATE_KEY`: String of your private key");
+  println!("- `TAURI_SIGNING_PRIVATE_KEY_PATH`: Path to your private key file");
+  println!("- `TAURI_SIGNING_PRIVATE_KEY_PASSWORD`:  Your private key password (optional if key has no password)");
+  println!();
+  println!("ATTENTION: If you lose your private key OR password, you'll not be able to sign your update package and updates will not work");
 
   Ok(())
 }
diff --git a/crates/tauri-cli/src/signer/sign.rs b/crates/tauri-cli/src/signer/sign.rs
@@ -21,25 +21,58 @@ pub struct Options {
     short = 'k',
     long,
     conflicts_with("private_key_path"),
-    env = "TAURI_PRIVATE_KEY"
+    env = "TAURI_SIGNING_PRIVATE_KEY"
   )]
   private_key: Option<String>,
   /// Load the private key from a file
   #[clap(
     short = 'f',
     long,
     conflicts_with("private_key"),
-    env = "TAURI_PRIVATE_KEY_PATH"
+    env = "TAURI_SIGNING_PRIVATE_KEY_PATH"
   )]
   private_key_path: Option<PathBuf>,
   /// Set private key password when signing
-  #[clap(short, long, env = "TAURI_PRIVATE_KEY_PASSWORD")]
+  #[clap(short, long, env = "TAURI_SIGNING_PRIVATE_KEY_PASSWORD")]
   password: Option<String>,
   /// Sign the specified file
   file: PathBuf,
 }
 
+// Backwards compatibility with old env vars
+// TODO: remove in v3.0
+fn backward_env_vars(mut options: Options) -> Options {
+  let get_env = |old, new| {
+    if let Ok(old_value) = std::env::var(old) {
+      println!(
+      "\x1b[33mWarning: The environment variable '{old}' is deprecated. Please use '{new}' instead.\x1b[0m",
+    );
+      Some(old_value)
+    } else {
+      None
+    }
+  };
+
+  options.private_key = options
+    .private_key
+    .or_else(|| get_env("TAURI_PRIVATE_KEY", "TAURI_SIGNING_PRIVATE_KEY"));
+
+  options.private_key_path = options.private_key_path.or_else(|| {
+    get_env("TAURI_PRIVATE_KEY_PATH", "TAURI_SIGNING_PRIVATE_KEY_PATH").map(PathBuf::from)
+  });
+
+  options.password = options.password.or_else(|| {
+    get_env(
+      "TAURI_PRIVATE_KEY_PASSWORD",
+      "TAURI_SIGNING_PRIVATE_KEY_PASSWORD",
+    )
+  });
+  options
+}
+
 pub fn command(mut options: Options) -> Result<()> {
+  options = backward_env_vars(options);
+
   options.private_key = if let Some(private_key) = options.private_key_path {
     Some(std::fs::read_to_string(Path::new(&private_key)).expect("Unable to extract private key"))
   } else {
