diff --git a/.gitignore b/.gitignore
index 96306d6..39eb671 100644
--- a/.gitignore
+++ b/.gitignore
@@ -77,3 +77,5 @@ scripts/config.json
 **/*.keystore
 **/secrets.tar
 **/*.cer
+**/*.p12
+**/*.mobileprovision
diff --git a/.travis.yml b/.travis.yml
index e08b0cd..7b1ec54 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -27,7 +27,9 @@ matrix:
     - nvm install 8
     - yes | sdkmanager "platforms;android-27"
     - echo {} > cordova-app/build.json
-    - if [ "$TRAVIS_PULL_REQUEST" == false ]; then openssl aes-256-cbc -K $encrypted_38869813af8b_key -iv $encrypted_38869813af8b_iv -in cordova-app/secrets.tar.enc -out cordova-app/secrets.tar -d && cd cordova-app && tar xvf secrets.tar && cd ..; fi
+    - if [ "$TRAVIS_PULL_REQUEST" == false ]; then openssl aes-256-cbc -K $encrypted_24a643539195_key
+      -iv $encrypted_24a643539195_iv -in cordova-app/secrets.tar.enc -out cordova-app/secrets.tar
+      -d && cd cordova-app && tar xvf secrets.tar && cd ..; fi
     install:
     - npm install
     script:
@@ -59,13 +61,18 @@ matrix:
     osx_image: xcode10.1
     node_js:
     - '8'
+    env:
+    - secure: jfdXsl7ajV/xQNW47p1yyEKDkMfxMRqOQE6U/vmGTKA78SLwvCYYjQUksXh8Tupoiz71mDF5qzUL7Y1tuKONlFeMOh4Qmkcyom33+lzPUeiF3lQpPocLNMP2Y77HnuKQiPb9dpdPAzpAHoVrETTSW+XX03qzb2okojx80t2QDUlhieZ6qVTWWtpaRG3P+nv8Ms/cBMBRlOJ+dLLMa6o1rOOlYJnr2ARwJfvezY0S/OvDx+lX4C4MnRp3emCLK+2tzAPrZ3kNn/9jYmgdIybDSqMpCiPfSF3vrOfOakpefVINLbafI1qJMTbnL1ANwFK/MjgMLyR0HRnrvVCLv9rIk8oie/Vr+OPxssAzqmdOcey4hVCNd15mxf1/ZtbnXQpmt4GF02NggrGtVSd9vIqws+EhKl+X55NFnM/BjnagUFjKWl4Kl2yunYwFkywbARbQe6RNzi7mOzwizoduLxPboGcOPoREjrCxAaefsXtlxJZVyuYW+9ylIMDsrr/1xD1nPof8Wv+HqIgDWdBkK1FWiyJvYBBEyQY5gdm9fRPhorO45BZ0fAMnC8JhsnajPFnmuRR88VQHLNW/XDPgTM+FADNMZcFMj+Z1hu2V0eDXebFILthvRU5Q82MLMHUPEhYc/h82wy2+SWD3m5nDmja/W52lWNO+C8jp0O7Zt177V08=
     cache:
       directories:
       - node_modules/
     before_install:
     - nvm use 8
     - echo {} > cordova-app/build.json
-    - if [ "$TRAVIS_PULL_REQUEST" == false ]; then openssl aes-256-cbc -K $encrypted_38869813af8b_key -iv $encrypted_38869813af8b_iv -in cordova-app/secrets.tar.enc -out cordova-app/secrets.tar -d && cd cordova-app && tar xvf secrets.tar && cd ..; fi
+    - if [ "$TRAVIS_PULL_REQUEST" == false ]; then openssl aes-256-cbc -K $encrypted_24a643539195_key
+      -iv $encrypted_24a643539195_iv -in cordova-app/secrets.tar.enc -out cordova-app/secrets.tar
+      -d && cd cordova-app && tar xvf secrets.tar && cd ..; fi
+    - if [ "$TRAVIS_PULL_REQUEST" == false ]; then ./scripts/add-key.sh; fi
     script:
     - npm run build
     - npm run build:ios
diff --git a/README.md b/README.md
index 0448687..08c9045 100644
--- a/README.md
+++ b/README.md
@@ -1,3 +1,11 @@
 # plastic-patrol
 
-This app is built based on [Geovation Photos](https://github.com/Geovation/photos) stack.
\ No newline at end of file
+This app is built based on [Geovation Photos](https://github.com/Geovation/photos) stack.
+
+# Travis
+After changing any secret file:
+```
+cd cordova-app
+tar cvf secrets.tar build.json *.cer *.p12 *.mobileprovision *.keystore
+travis encrypt-file secrets.tar secrets.tar.enc -p -r Geovation/plastic-patrol
+```
diff --git a/cordova-app/secrets.tar.enc b/cordova-app/secrets.tar.enc
index 6694f9f..521d74f 100644
Binary files a/cordova-app/secrets.tar.enc and b/cordova-app/secrets.tar.enc differ
diff --git a/scripts/add-key.sh b/scripts/add-key.sh
new file mode 100755
index 0000000..b15a221
--- /dev/null
+++ b/scripts/add-key.sh
@@ -0,0 +1,23 @@
+#!/bin/sh
+
+# Create a custom keychain
+security create-keychain -p travis ios-build.keychain
+
+# Make the custom keychain default, so xcodebuild will use it for signing
+security default-keychain -s ios-build.keychain
+
+# Unlock the keychain
+security unlock-keychain -p travis ios-build.keychain
+
+# Set keychain timeout to 1 hour for long builds
+# see http://www.egeek.me/2013/02/23/jenkins-and-xcode-user-interaction-is-not-allowed/
+security set-keychain-settings -t 3600 -l ~/Library/Keychains/ios-build.keychain
+
+# Add certificates to keychain and allow codesign to access them
+security import ./cordova-app/certs/apple.cer -k ~/Library/Keychains/ios-build.keychain -T /usr/bin/codesign
+security import ./cordova-app/certs/dist.cer -k ~/Library/Keychains/ios-build.keychain -T /usr/bin/codesign
+security import ./cordova-app/certs/dist.p12 -k ~/Library/Keychains/ios-build.keychain -P $APPLE_KEY_PASSWORD -T /usr/bin/codesign
+
+# Put the provisioning profile in place
+mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles
+cp "./cordova-app/Geovation.mobileprovision" ~/Library/MobileDevice/Provisioning\ Profiles/