How to properly hide Android keystore file and passwords when using Source Control?

vnhllsng · November 16, 2015, 3:42pm

Hi, everybody.

I’m working on a game for mobile platforms, and I’m a bit concerned by the fact, that I need to put my keystore file in the project folder, and a password to it in project’s settings.

I’m willing to use source control with this project, and I want to know, if it’s safe, or what do I need to do in order for it to be safe. And how do I not let my password and keystore file not seep through to the remote repository.

I can add a keystore file to ignore list f my source control, that part is clear.

I can manually set and clear the password field in the settings each time, but I’m human and I can easily forget to clear the field some day, so that’s not a good solution.

So what’s the proper take on this?

drh · March 7, 2017, 3:45pm

Would also like to know how others are handling this.

My team’s current solution is having the build server run a script that modifies the DefaultEngine.ini file in the project to add something like:

...
KeyStore=gearvr-distribution.keystore
KeyAlias=your_key_alias
KeyStorePassword=SomePassword

Romeno · March 21, 2024, 12:27am

Why no answers though? Unity does not store your keystore passwords in text files. And those text files are to be stored in the source control. Why though? Why?