CI/CD for Android - Keystore Setup

Jov Mit

One of the requirements to run an app on a device or emulator, or deploy it to the Google Play Store is the signature. An app must be signed with a special key for Google Play to accept it or a device to run it. You can think of the signature as something that proves your identity or brand.

The keys used to sign apps are kept in a container called a Keystore. As we will see below, one Keystore can hold many keys to sign different apps. In this section, we are going to create a new Keystore with keys inside it from scratch.

The most common way to create a new keystore is to use Android Studio, which has a built-in wizard for doing so. If you don't have Android Studio installed, this is a great time to go ahead and install it. You can download it for free from the official Android Studio page.

By default, Android Studio implicitly creates a so-called debug keystore that is used to run apps on an emulator or a real device. This Keystore, however, cannot be used to sign apps to deploy to Google Play. Just as its name suggests, it can be used only for debugging purposes. It is located in a hidden folder that Android Studio normally creates in the home directory: ~/.android/debug.keystore

Now, let's create our own Keystore.

  1. Open Android Studio (make sure you run a newer, if not the newest, version), and then open any existing project. If you don't have one, just create a new project. The project is irrelevant at this point, but we need one to be able to access the keystore creation menu.

  2. From the Build menu, choose Generate Signed Bundle / APK...

    It will open a dialog that allows us to choose how we are going to package our app.

    It is irrelevant at this point, so you can leave the selection as is and click Next. It will open a new dialog, which is the app signing dialog.

  3. Since we don't have a Keystore created yet, click on the Create new... button. As we can see, we can also choose an existing keystore, which is useful if we happened to have created one before. By choosing Create new... we will face a dialog where we need to type some information about our new Keystore.

  4. Key store path - select a directory where you want your new keystore file to be created. You can choose your Desktop folder for example, since we won't keep this file locally on the computer for too long anyway.

    • Type in a password for your keystore and confirm it. Remember, this password is for your Keystore, and the Keystore is the container that holds keys. Check out the illustration below for better visualization.

Keystore (1).svg

  5. It won't make sense to have an empty Keystore - so we should add at least 1 key (the section below the keystore password).

    • Alias - this is how we identify and differentiate a key from other keys. My suggestion is to associate the alias with the name of the app that you will be signing with this key. So you will have a 1:1 mapping of an app with a key.

    • Password - This is a password for the key itself. It is highly recommended to be different than the keystore password. Imagine your key store being a house, and your keys being different rooms inside your house. Each room has its own key which is different than the key of the house.

    • Validity - indicates the validity duration of the keystore. Feel free to leave it as is (25 years).

    • Certificate - Fill out the fields in the certificate section. If you have no organization to fill in, you can skip those 2 fields (Organization Unit and Organization)

MAKE SURE to remember the passwords of the keystore and the key. Maybe write them down into a file or something handy until we finish the process of configuring the CI/CD.

  6. Finally, click on OK and you will be taken back to the signing dialog, with the data of the new keystore pre-filled.

    Note: Feel free to untick the Export encrypted key checkbox at the bottom of the dialog as it is deprecated. Google Play is introducing a new process to upload signing keys for increased security.
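The wizard steps above can also be done from a terminal with the JDK's keytool, which is handy on a machine without Android Studio. This is an added example, not part of the original post; the function names and the environment variable names KEYSTORE_PASSWORD and KEY_PASSWORD are assumptions, and it needs a JDK on the PATH.

```shell
#!/bin/sh
# Added example: the wizard's keystore creation done with keytool.
# Passwords come from environment variables (assumed names KEYSTORE_PASSWORD
# and KEY_PASSWORD) so they never show up in the process list or shell history.

# add_signing_key <keystore-path> <alias>
# Creates the keystore if it does not exist yet, otherwise adds one more key.
add_signing_key() {
    ks_path=$1
    key_alias=$2
    # JKS is used because it keeps a separate password per key; keytool
    # ignores a different -keypass when the store type is PKCS12.
    # 9125 days is roughly the 25 years the wizard suggests.
    keytool -genkeypair \
        -keystore "$ks_path" \
        -storetype JKS \
        -alias "$key_alias" \
        -keyalg RSA -keysize 2048 \
        -validity 9125 \
        -dname "CN=$key_alias" \
        -storepass:env KEYSTORE_PASSWORD \
        -keypass:env KEY_PASSWORD || return 1
    # The keystore holds private keys: readable by the owner only.
    chmod 600 "$ks_path"
}

# has_signing_key <keystore-path> <alias>
# Succeeds only if the alias exists and holds a private key.
has_signing_key() {
    keytool -list -keystore "$1" -alias "$2" \
        -storepass:env KEYSTORE_PASSWORD 2>/dev/null | grep -q 'PrivateKeyEntry'
}

# Usage: KEYSTORE_PASSWORD=... KEY_PASSWORD=... sh make_keystore.sh release.jks my-app
if [ "$#" -eq 2 ]; then
    if add_signing_key "$1" "$2" && has_signing_key "$1" "$2"; then
        echo "key '$2' stored in $1"
    else
        echo "failed to create key '$2' in $1" >&2
        exit 1
    fi
fi
```

Running it a second time with the same keystore path and a different alias adds a second key to the same container, one alias per app.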

At this point, we have the Keystore with a single key inside it ready to use for signing! This is one more big step completed towards our goal! Time to set up the repository.