Self-Updating Tauri 2 Apps with Signed Releases | Updater Plugin Tutorial

CelesteAI
Description
Most Tauri 2 tutorials stop at the first install. Real apps need to ship updates — without making every user download a new installer. The pattern is tauri-plugin-updater: an updater plugin, a signing keypair, and a manifest hosted somewhere static. The app checks the manifest, downloads a signed bundle, verifies the signature against an embedded public key, and restarts itself into the new version.

Source code: https://github.com/GoCelesteAI/tauri_vergo

We build Vergo, an app whose only feature is its version number. We ship v0.1.0, build v0.2.0 with a single visible change, sign the v0.2.0 bundle, host the manifest on a local Python server, and watch v0.1.0 update itself to v0.2.0 in three seconds. The architecture is the same whether your payload is 5MB of UI tweaks or 50MB of new features.

What You'll Learn:
- tauri signer generate — produce an Ed25519 keypair in minisign format. Private key on the build machine, public key embedded in every release.
- The updater config block in tauri.conf.json — endpoints, the embedded pubkey, the createUpdaterArtifacts flag, and the insecure-transport opt-in for local testing.
- The capability permission — updater:default in src-tauri/capabilities/default.json so the window can call check + install.
- tauri-plugin-updater::UpdaterExt — the Rust trait that adds app.updater() to AppHandle. The one command pattern: check, download, install, restart.
- getVersion() from @tauri-apps/api/app — runtime version readout in the UI so users can see the update took effect.
- The manifest schema — version, signature, URL per platform. The signature is the full contents of the .sig file produced by the build.
- Why HTTPS matters in production — the manifest URL is the attack surface; HTTPS plus the embedded public key gives you defense in depth.
Timestamps:
0:00 - The proof: v0.1.0 → click → restarts as v0.2.0
0:30 - Generate the signing keypair
0:43 - Cargo.toml + capabilities permission
0:54 - tauri.conf.json — endpoints, pubkey, updater artifacts
2:08 - lib.rs — register the plugin, expose check_update
2:55 - App.tsx — getVersion + check button
3:21 - latest.json manifest
4:38 - Live demo — install v0.1.0, click Check, restart as v0.2.0
5:28 - End screen

Key Takeaways:
1. The private key is the perimeter. If an attacker gets your signing key, they can sign arbitrary updates that your users install without warning. Treat it like an SSH key for your production servers — encrypted at rest, never in version control, never on a shared machine. For production, store it in a secrets manager and inject it into CI only at build time.
2. The plugin verifies signatures before it ever writes a byte to disk. The public key compiled into your binary is what the plugin checks the downloaded bundle's signature against. If they don't match, the update is rejected and nothing is touched. This is what makes it safe to download from a third-party CDN — the CDN doesn't need to be trusted, only the build process that signs.
3. createUpdaterArtifacts: true is what changes the build output. With this flag plus a target including "app" or "updater", pnpm tauri build produces both the installer (.dmg) AND the updater payload (.app.tar.gz plus a .sig file). The updater payload is what the plugin downloads from your manifest URL.
4. The manifest is the moving piece. Each release means producing a new manifest with the new version, the new signature, and the new URL. CI can generate this automatically — read the version from Cargo.toml, read the sig from the build output, upload everything to your CDN, regenerate the manifest pointing at the new URL.
5. HTTPS endpoints are non-negotiable for production. The plugin defaults to rejecting HTTP. The flag we used in this tutorial (dangerousInsecureTransportProtocol) is a localhost-only convenience for testing; it goes away in production. HTTPS prevents downgrade attacks (serving an old manifest to force users to a known-vulnerable version) and tampering with the URL the manifest points at.

This channel is run by Claude AI. Tutorials are AI-produced; reviewed and published by Codegiz. Source code at codegiz.com. Part of Tauri Patterns for Production — full playlist linked in the description.

#Tauri #Tauri2 #Rust #DesktopApp #React #TypeScript #Updater #Signing #ClaudeAI

---
Generated by Claude AI · part of the Tauri Patterns for Production series
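Takeaway 4 describes generating the manifest in CI, and takeaway 5 the downgrade and transport concerns around it. The Python script below is an added example, not code from the Vergo repo or from tauri-plugin-updater: it reads the version out of Cargo.toml text, takes the .sig contents verbatim as the signature field, assembles latest.json, and refuses to publish a manifest whose version is not newer than the version already shipped, whose payload URL is not https, or whose signature field is not non-empty base64. The Cargo.toml text and the .sig content are constructed placeholders; the "{os}-{arch}" platform key pattern and the field names version, notes, pub_date and platforms reflect the plugin's manifest as I understand it and are assumptions here. The validation is structural only: the cryptographic check of the signature against the embedded public key is done by the plugin on the client.

```python
"""Build and sanity-check a Tauri 2 updater manifest (latest.json) in CI.

Added example; not code from the Vergo repo or from tauri-plugin-updater.
The Cargo.toml text and the .sig content below are constructed stand-ins.
"""
import base64
import json
import re
from urllib.parse import urlparse

# Constructed sample: the [package] table a CI job would read from Cargo.toml.
SAMPLE_CARGO_TOML = """\
[package]
name = "vergo"
version = "0.2.0"
edition = "2021"
"""

# Constructed placeholder for the .sig file the build emits next to the
# updater payload. The manifest takes the file contents verbatim, so the
# script treats it as an opaque base64 string and never interprets it.
SAMPLE_SIG = base64.b64encode(b"PLACEHOLDER-SIGNATURE-NOT-A-REAL-MINISIGN-BLOCK").decode()

# Assumption: platform keys follow the plugin's "{os}-{arch}" naming.
PLATFORM_KEY = re.compile(r"^(linux|darwin|windows)-(x86_64|aarch64|i686|armv7)$")


def read_cargo_version(cargo_toml: str) -> str:
    """Return the version string from the [package] table of Cargo.toml text."""
    in_package = False
    for raw in cargo_toml.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            in_package = line == "[package]"
            continue
        if in_package:
            m = re.match(r'version\s*=\s*"([^"]+)"', line)
            if m:
                return m.group(1)
    raise ValueError("no [package] version found in Cargo.toml")


def parse_semver(version: str) -> tuple:
    """Parse a plain MAJOR.MINOR.PATCH string into a comparable tuple."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"not a plain semver string: {version!r}")
    return tuple(int(x) for x in m.groups())


def build_manifest(cargo_toml: str, sig_text: str, platform: str, url: str,
                   notes: str = "", pub_date: str = "") -> dict:
    """Assemble the manifest the plugin fetches: version, notes, platforms."""
    manifest = {
        "version": read_cargo_version(cargo_toml),
        "notes": notes,
        # The signature field is the .sig file contents, trailing newline dropped.
        "platforms": {platform: {"signature": sig_text.strip(), "url": url}},
    }
    if pub_date:
        manifest["pub_date"] = pub_date
    return manifest


def validate_manifest(manifest: dict, current_version: str,
                      allow_insecure: bool = False) -> list:
    """Return a list of problems; an empty list means the manifest may ship.

    Checks are structural. Cryptographic verification of the signature against
    the embedded public key is the plugin's job on the client, not done here.
    """
    problems = []
    try:
        if parse_semver(manifest["version"]) <= parse_semver(current_version):
            problems.append(f"version {manifest['version']} is not newer than "
                            f"{current_version} (downgrade or no-op)")
    except (KeyError, ValueError) as exc:
        problems.append(f"bad version: {exc}")

    platforms = manifest.get("platforms") or {}
    if not platforms:
        problems.append("no platforms listed")
    for key, entry in platforms.items():
        if not PLATFORM_KEY.match(key):
            problems.append(f"unknown platform key {key!r}")
        url = urlparse(entry.get("url", ""))
        if not url.netloc:
            problems.append(f"{key}: url has no host")
        if url.scheme != "https" and not allow_insecure:
            problems.append(f"{key}: url scheme {url.scheme!r} is not https")
        sig = entry.get("signature", "")
        try:
            if not sig or not base64.b64decode(sig, validate=True):
                raise ValueError("empty")
        except ValueError as exc:  # binascii.Error is a ValueError subclass
            problems.append(f"{key}: signature is not non-empty base64 ({exc})")
    return problems


if __name__ == "__main__":
    m = build_manifest(SAMPLE_CARGO_TOML, SAMPLE_SIG, "darwin-aarch64",
                       "https://updates.example.invalid/vergo/0.2.0/Vergo.app.tar.gz",
                       notes="single visible change", pub_date="2026-05-17T00:00:00Z")
    print(json.dumps(m, indent=2))
    print("problems:", validate_manifest(m, current_version="0.1.0"))
```

Run as a script it prints the manifest and an empty problem list; in a CI job the local-server case from the tutorial would pass `allow_insecure=True` only for the localhost run, and the release job would leave it off so an http endpoint fails the build before anything is uploaded.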
Added to Codegiz: May 17, 2026
