diff --git a/doc/non-ansible-configuration-notes.md b/doc/non-ansible-configuration-notes.md
index 9dee2898e..016e25ea4 100644
--- a/doc/non-ansible-configuration-notes.md
+++ b/doc/non-ansible-configuration-notes.md
@@ -16,3 +16,46 @@ certbot --nginx run -d iojs.org -m build@iojs.org --agree-tos --no-redirect
 certbot --nginx run -d www.iojs.org -m build@iojs.org --agree-tos --no-redirect
 certbot --nginx run -d roadmap.iojs.org -m build@iojs.org --agree-tos --no-redirect
 ```
+
+## macOS release servers
+
+Previous notes: [#1393](https://github.com/nodejs/build/issues/1393)
+
+### Full Xcode
+
+Xcode Command-line tools are not enough to perform a full notarization cycle, full Xcode must be installed manually.
+
+As root:
+
+* Download Xcode: https://developer.apple.com/download/more/ - find non-beta version, open Developer Tools in browser, Networking tab, start download (then cancel), in Networking tab "Copy as cURL" (available in Chrome & FF)
+* Download onto release machine using the copied curl command (may need `-o xcode.xip` appended to curl command) to `/tmp`
+* Extract: `xip --extract xcode.xip`
+* Move `Xcode.app` directory to `/Applications`
+* `xcode-select --switch /Applications/Xcode.app`
+* `xcode-select -r` - accept license
+
+### Signing certificates
+
+* Extract from secrets/build/release: `dotgpg cat Apple\ Developer\ ID\ Node.js\ Foundation.p12.base64 | base64 -d > /tmp/Apple\ Developer\ ID\ Node.js\ Foundation.p12`
+* Transfer to release machine (scp to /tmp)
+* `sudo security import /tmp/Apple\ Developer\ ID\ Node.js\ Foundation.p12 -k /Library/Keychains/System.keychain -T /usr/bin/codesign -T /usr/bin/productsign -P 'XXXX'` (where XXXX is found in secrets/build/release/apple.md) (`security unlock-keychain -u /Library/Keychains/System.keychain` _may_ be required prior to running this command).
+
+### SSH
+
+(This step is identical for all release machines.)
+
+As iojs:
+
+* `mkdir .ssh`
+* Add `.ssh/config`:
+
+```
+Host node-www
+  HostName direct.nodejs.org
+  User staging
+  IdentityFile ~/.ssh/id_rsa
+```
+
+* Add `.ssh/id_rsa` with release SSH key.
+* `chown 700 .ssh && chmod 600 .ssh/*`
+* `ssh node-www` to set up known_hosts entry and check that it works