diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index b4a7b07a..a875b8a3 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -255,6 +255,20 @@ jobs:
     env:
       # Keep compat with MacOS 10.15 aka Catalina by Qt 6.4
       QT_VERSION: 6.4.3
+
+      MAC_TEAM_ID: ${{ secrets.MAC_TEAM_ID }}
+
+      MAC_APP_CERT_CERT: ${{ secrets.MAC_APP_CERT_CERT }}
+      MAC_SIGNER_ID: ${{ secrets.MAC_SIGNER_ID }}
+      MAC_APP_CERT_PW: ${{ secrets.MAC_APP_CERT_PW }}
+
+      MAC_INSTALLER_SIGNER_CERT: ${{ secrets.MAC_INSTALLER_SIGNER_CERT }}
+      MAC_INSTALLER_SIGNER_ID: ${{ secrets.MAC_INSTALLER_SIGNER_ID }}
+      MAC_INSTALL_CERT_PW: ${{ secrets.MAC_INSTALL_CERT_PW }}
+
+      APPLE_DEV_EMAIL: ${{ secrets.APPLE_DEV_EMAIL }}
+      APPLE_DEV_PASSWORD: ${{ secrets.APPLE_DEV_PASSWORD }}
+
       PROD_AGW_PUBLIC_KEY: ${{ secrets.PROD_AGW_PUBLIC_KEY }}
       PROD_S3_ENDPOINT: ${{ secrets.PROD_S3_ENDPOINT }}
       DEV_AGW_PUBLIC_KEY: ${{ secrets.DEV_AGW_PUBLIC_KEY }}
diff --git a/deploy/build_macos.sh b/deploy/build_macos.sh
index 6bf41d96..7a69b3f8 100644
--- a/deploy/build_macos.sh
+++ b/deploy/build_macos.sh
@@ -99,11 +99,13 @@ security unlock-keychain -p "$KEYCHAIN_PWD" "$KEYCHAIN_PATH"
 # the artefacts without releasing them).
 
 if [ -n "${MAC_APP_CERT_PW-}" ]; then
+  echo "$MAC_APP_CERT_CERT" | base64 -d > "$DEPLOY_DIR/DeveloperIdApplicationCertificate.p12"
   security import "$DEPLOY_DIR/DeveloperIdApplicationCertificate.p12" \
           -k "$KEYCHAIN_PATH" -P "$MAC_APP_CERT_PW" -A
 fi
 
 if [ -n "${MAC_INSTALL_CERT_PW-}" ]; then
+  echo "$MAC_INSTALLER_SIGNER_CERT" | base64 -d > "$DEPLOY_DIR/DeveloperIdInstallerCertificate.p12"
   security import "$DEPLOY_DIR/DeveloperIdInstallerCertificate.p12" \
           -k "$KEYCHAIN_PATH" -P "$MAC_INSTALL_CERT_PW" -A
 fi