From 084fa89238fa57b1c4b54f727a076f6ac55609fe Mon Sep 17 00:00:00 2001
From: Caelan Sayler <git@caesay.com>
Date: Sun, 2 Jun 2024 10:59:53 +0100
Subject: [PATCH] Add more macos tips

---
 docs/packaging/signing.mdx | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/docs/packaging/signing.mdx b/docs/packaging/signing.mdx
index 77b9a39..a2dea29 100644
--- a/docs/packaging/signing.mdx
+++ b/docs/packaging/signing.mdx
@@ -118,6 +118,13 @@ vpk pack \
 When these parameters are specified and valid, Velopack will automatically code sign and notarize your application and installer packages.
 
 :::tip
+Velopack will use `codesign` and `xcrun notarytool` to sign and notarize your application. By default they will use the default keychain on your device to discover certificates and the notary profile.
+If you would like to use a different keychain, you must install your certificates and create your notary profile on that keychain and use the Velopack `--keychain {path}`
+argument to specify that Velopack should discover certificates from a non-default keychain.
+<hr />
+If you do not provide an entitlements file for hardened runtime, one suitable for most dotnet apps will be provided for you automatically. If your app requires
+special entitlements and the defaults are not suitable, you should supply your own signing entitlements using `--signEntitlements {path}`
+<hr />
 Even though your certificate may appear as `Developer ID Application: Your Name (TeamName)` in Keychain Access, you should not specify the team name as a part of
 your `--signAppIdentity` or `--signInstallIdentity` arguments. Your certificate should just be `Developer ID Application: Your Name` with no team.
 :::