How to properly hide Android keystore file and passwords when using Source Control?

Hi, everybody.

I’m working on a game for mobile platforms, and I’m a bit concerned by the fact, that I need to put my keystore file in the project folder, and a password to it in project’s settings.

I’m willing to use source control with this project, and I want to know, if it’s safe, or what do I need to do in order for it to be safe. And how do I not let my password and keystore file not seep through to the remote repository.

I can add a keystore file to ignore list f my source control, that part is clear.

I can manually set and clear the password field in the settings each time, but I’m human and I can easily forget to clear the field some day, so that’s not a good solution.

So what’s the proper take on this?

Would also like to know how others are handling this.

My team’s current solution is having the build server run a script that modifies the DefaultEngine.ini file in the project to add something like: