Sign APK without exposing keystore password

You can define the signing configuration to sign the apk in the build.gradle file using these properties:

storeFile : the keystore file
storePassword: the keystore password
keyAlias: a key alias name
keyPassword: A key alias password

In many case you may need to avoid this kind of info in the build.gradle file.

Method A: Configure release signing using a keystore.properties file

It’s possible to configure your app’s build.gradle so that it will read your signing configuration information from a properties file like keystore.properties.

Setting up signing like this is beneficial because:

Your signing configuration information is separate from your build.gradle file
You do not have to intervene during the signing process in order to provide passwords for your keystore file
You can easily exclude the keystore.properties file from version control

First, create a file called keystore.properties in the root of your project with content like this (replacing the values with your own):

storeFile=keystore.jks
storePassword=storePassword
keyAlias=keyAlias
keyPassword=keyPassword

Now, in your app’s build.gradle file, set up the signingConfigs block as follows:

android {
...

signingConfigs { release { def propsFile = rootProject.file(‘keystore.properties’) if (propsFile.exists()) { def props = new Properties() props.load(new FileInputStream(propsFile)) storeFile = file(props[‘storeFile’]) storePassword = props[‘storePassword’] keyAlias = props[‘keyAlias’] keyPassword = props[‘keyPassword’] } } }

That’s really all there is to it, but don’t forget to exclude both your keystore file and your keystore.properties file from version control.

A couple of things to note:

The storeFile path specified in the keystore.properties file should be relative to your app’s build.gradle file. This example assumes that the keystore file is in the same directory as the app’s build.gradle file.
This example has the keystore.properties file in the root of the project. If you put it somewhere else, be sure to change the value in rootProject.file('keystore.properties') to the location of yours, relative to the root of your project.

Method B: By using an environment variable

The same can be achieved also without a properties file, making the password harder to find:

android {

  signingConfigs {
    release {
        storeFile file('/your/keystore/location/key')
        keyAlias 'your_alias'
        String ps = System.getenv("ps")
        if (ps == null) {
             throw new GradleException('missing ps env variable')
        }
        keyPassword ps
        storePassword ps
    }
}

The "ps" environment variable can be global, but a safer approach can be by adding it to the shell of Android Studio only. In linux this can be done by editing Android Studio’s Desktop Entry

Exec=sh -c "export ps=myPassword123 ; /path/to/studio.sh"

You can find more details in this topic.

Found a mistake? Have a question or improvement idea? Let me know.

Gradle:

* Gradle for Android

* A basic build.gradle file

* Define and use Build Configuration Fields

* Centralizing dependencies via dependencies.gradle file

* Sign APK without exposing keystore password

* Adding product flavor-specific dependencies

* Specifying different application IDs for build types and product flavors

* Versioning your builds via version.properties file

* Defining product flavors

* Changing output apk name and add version name

* Adding product flavor-specific resources

* Why are there two build.gradle files in an Android Studio project

* Directory structure for flavor-specific resources

* Enable Proguard using gradle

* Ignoring build variant

* Seeing dependency tree

* Enable experimental NDK plugin support for Gradle and AndroidStudio

* Display signing information

* Executing a shell script from gradle

* Show all gradle project tasks

* Delete unaligned apk automatically

* Disable image compression for a smaller APK file size

* Debugging your Gradle errors

* Use gradle.properties for central versionnumberbuildconfigurations

* Defining build types

Table Of Contents

0 Getting Started

1 Layouts

2 Gradle

3 RecyclerView onClickListeners

4 NavigationView

5 Intent

6 JSON handling with org.json

7 Android Studio

8 Resources

9 Data Binding Library

10 Exceptions

11 Getting Calculated View Dimensions

12 AsyncTask

13 SharedPreferences

14 Emulator

15 Material Design

16 Lint Warnings

17 Service

18 Storing Files in Internal and External Storage

19 WebView

20 Project SDK versions

21 RecyclerView

22 Google Maps

23 PorterDuff Mode

24 9-Patch images

25 Android NDK

26 RecyclerView Decorations

27 Camera 2 API

28 ViewPager

29 CardView

30 HttpURLConnection

31 SQLite

32 ADB Android Debug Bridge

33 ButterKnife

34 Supporting different screen resolutions

35 Glide

36 Retrofit2

37 Dialog

38 ACRA

39 GreenDAO

40 Formatting Strings

41 Notifications

42 AlarmManager

43 Fragments

44 Handler

45 Creating Custom Views

46 BroadcastReceiver

47 Activity

48 Snackbar

49 Runtime Permissions in API-23

50 Logging and using Logcat

51 VectorDrawable and AnimatedVectorDrawable

52 Tools Attributes

53 Toast

54 Interfaces

55 Animators

56 Location

57 Theme Style Attribute

58 The Manifest File

59 Parcelable

60 MediaPlayer

61 Multidex and the Dex Method Limit

62 Data Synchronization with Sync Adapter

63 Menu

64 Instant Run in Android Studio

65 Picasso

66 Bluetooth LE API

67 RoboGuice

68 Memory Leaks

69 Universal Image Loader

70 Volley

71 Widgets

72 Date and Time Pickers

73 Integrate Google Sign In

74 In-app billing

75 FloatingActionButton

76 ContentProvider

77 Dagger 2

78 Realm

79 Unit testing in Android with JUnit

80 Android Versions

81 Wi-Fi Connections

82 SensorManager

83 Localization with resources

84 ProgressBar

85 Custom Fonts

86 Vibration

87 Google Awarness APIs

88 Text to Speech (TTS)

89 UI Lifecycle

90 Spinner

91 Data Encryption / Decryption

92 Testing UI with Espresso

93 Writing UI tests

94 GreenRobot EventBus

95 OkHttp

96 Enhancing Performance Using Icon Fonts

97 Handling Depp Links

98 Canvas drawing using SurfaceView

99 Firebase

100 Crash Reporting Tools

101 Check Internet Connectivity

102 Facebook SDK

103 Unzip File

104 Android Places API

105 Creating your own libraries

106 Handling JSON with Gson

107 Device Display Metrics

108 TextView

109 ListView

110 Building Backwards Compatible Apps

111 Loader

112 ProGuard - Obfuscating and Shrinking your code

113 Detect Shake Event

114 Typedef Annotations

115 Capturing Screenshots

116 MVP Architecture

117 Orientation Changes

118 Xposed

119 Security

120 PackageManager

121 ImageView

122 Gesture Detection

123 Doze Mode

124 Android Sound and Media

125 SearchView

126 Camera and Gallery

127 Callback URL

128 Twitter APIs

129 SqlCipher integration

130 Drawables

131 Colors

132 ConstraintLayout

133 RenderScript

134 Fresco

135 Swipe to Refresh

136 AutoCompleteTextView

137 Installing apps with ADB

138 IntentService

139 AdMob

140 Implicit Intents

141 Publish to Play Store

142 Firebase Realtime Database

143 Image Compression

144 Email Validation

145 Keyboard

146 Button

147 TextInputLayout

148 Bottom Sheets

149 CoordinatorLayout and Behaviors

150 EditText

151 Paypal Gateway Integration

152 Firebase App Indexing

153 Firebase Crash Reporting

154 Displaying Google Ads

155 Vk SDK

156 Localized DateTime

157 Count Down Timer

158 Reading Barcode and QR codes

159 Otto Event Bus

160 TransitionDrawable

161 Port Mapping using Cling

162 Creating Overlay always-on-top Windows

163 ExoPlayer

164 Inter-app UI testing with UIAutomator

165 MediaSession

166 Speech to Text Conversion

167 FileProvider

168 Publish .aar file to Apache Archive with Gradle

169 XMPP

170 Authenticator

171 RecyclerView and LayoutManagers

172 AudioManager

173 Job Scheduling

174 Accounts and AccountManager

175 OpenCV

176 Split Screen Multi-Screen Activities

177 Threads

178 MediaStore

179 Time Utils

180 Touch Events

181 Fingerprint API

182 MVVM Architecture

183 BottomNavigationView

184 ORMLite

185 YouTube API

186 TabLayout

187 Retrofit2 with RxJava

188 DayNight Theme AppCompat

189 ShortcutManager

190 LruCache

191 Using Jenkins CI

192 Zip files

193 Vector Drawables

194 Fastlane

195 Define step value for RangeSeekBar

196 Getting started with OpenGL ES 2.0

197 Check Data Connection

198 Java Native Interface (JNI)

199 FileIO

200 Perfomance Optimization

201 Robolectric

202 Moshi

203 Strick Mode Policy

204 Internalization and localization

205 Retrolambda

206 SparseArray

207 Firebase Cloud Messaging

208 Shared Element Transitions

209 Android Things

210 VideoView

211 ViewFlipper

212 Dependency Injection with Dagger 2

213 Formatting phone numbers

214 Storing password securely

215 Android Kernel Optimization

216 Paint

217 AudioTrack

218 ProGuard

219 Create Android Custom ROMs

220 Java on Android

221 Pagination in RecyclerVi

222 Genymotion for Android

223 Handling touch and motion events

224 Creating Splash screen

225 ConstraintSet

226 CleverTap

227 Publish library to Maven repositories

228 ADB shell

229 Ping ICMP

230 AIDL

231 Using Kotlin

232 Autosizing TextView

233 Signing apps for release

234 Context

235 Activity Recognition

236 Secure SharedPreferences

237 Secure SharedPreferences

238 Bitmap Cache

239 Android x86 in VirtualBox

240 JCodec

241 Design Patterns

242 Okio

243 Google SignIn integration

244 TensorFlow

245 Game developmen

246 Notification Channel

247 Bluetooth Low Energy (LE)

248 Leak Canary

249 FuseView

250 SQLite using ContentValues

251 Enhancing Alert Dialogs

252 Hardware Button Events, Intents PTT

253 SpannableString

254 Looper

255 Optimized VideoView

256 Google Drive API

257 Animated AlertDialog Box

258 Annotation Processor

259 SyncAdapter with periodically do sync of data

260 Singleton Class for Toast Message

261 Fastjson

262 Android Architecture Components

263 Jackson

264 Play Store

265 Loading Bitmaps Effectively

266 Getting system font names

267 Smartcard

268 Convert vietnamese string to english

269 Contributors