0

How should Android keystores be managed? Is it okay to store all keys for all your apps in one keystore or should you have one keystore per app? Is there any point in using version control for your keystores?

Paul Manta
  • 30,618
  • 31
  • 128
  • 208

2 Answers2

1

You should definitely only have one single keystore to hold all your keys because it's easier to manage, plus all the keys already have their own password in addition to the keystore's password. The real question is: should you create one key per app, or sign all your apps with a single key? As mentioned in this answer, there's some pros to signing all your apps with the same key, namely: apps signed with the same key can run in the same process and share data seamlessly (see android docs too).

With regards to your version control question, you absolutely need to backup your keystore! If you lose your keystore, you'll no longer be able to sign updates for your apps in the Google Play Store! Your keystore binary shouldn't change often (unless you're adding keys), but a private git repo makes a good place to backup your keystore with one of your projects. Don't use version control though if it's an open source repo (e.g. free github) or you have team members that you can't trust with the keystore (e.g. short-term contractors). Otherwise, just find a safe place to back it up.

Community
  • 1
  • 1
Mr. Kevin Thomas
  • 837
  • 2
  • 13
  • 21
0

Usually you only have one keystore that you use to sign all of your applications; you are essentially "marking" all of the applications with your credentials. This post provides alot of valuable information: Android: What is a keystore file, and what is it used for?

The Android Developers website also provides a very valuable article which discusses keystores, how to sign your application, and a variety of other considerations: http://developer.android.com/tools/publishing/app-signing.html

Community
  • 1
  • 1
Willis
  • 5,308
  • 3
  • 32
  • 61