My previous post shared instructions on how to sign APK’s on CircleCI using Dropbox to securely store your private key.
Since then I’ve found a simpler and more secure way to store everything in CircleCI secure environment variables using base64 encoding.
Step 1: Base64 encode your private key
From the console enter:
cat path/to/yourprivatekey.jks | base64
This will print block of base64 encoded text to your screen. Copy it.
Step 2: Add your environment vars to CircleCI
Now go to your project config on CircleCI and add a new project-level environment variable in CircleCI called ENCODED_KEYSTORE and paste the encoded key you copied in step 1 as it’s value.
Step 3: Make config.yml decode the keystore into a file
Right before your gradle dependencies step in your CircleCI config.yml add the following:
- run: echo $ENCODED_KEYSTORE | base64 --decode >> ${HOME}/repo/keystore.jks - run: echo 'export KEYSTORE=${HOME}/repo/keystore.jks' >> $BASH_ENV
What this does is decode the base64 encoded text back into the keystore.jks file and then
sets the KEYSTORE environment variable to it’s location.
From here, it’s just a matter of following the standard steps for signing a release. This typically involes adding a release signingConfig configured to retrieve it’s settings from environment variables along with a release buildType to apply the signingConfig:
android { signingConfigs { release { storeFile file(System.getenv("KEYSTORE") ?: "keystore.jks") storePassword System.getenv("KEYSTORE_PASSWORD") keyAlias System.getenv("KEY_ALIAS") keyPassword System.getenv("KEY_PASSWORD") } } buildTypes { release { minifyEnabled false zipAlignEnabled true signingConfig signingConfigs.release } } }
[…] UPDATE 4/7/2018 – I’ve come up with a simpler and more secure approach that doesn’t require Dropbox. […]
I would say it doesn’t work with CircleCI single-line environment variables and you need to wrap it like
cat xxx.jks | base64 | sed ‘:a;N;$!ba;s/\n/ /g’
and
– run: echo $ENCODED_KEYSTORE | sed ‘s/ /\n/g’ | base64 –decode >> ${HOME}/repo/keystore.jks