Should gradle.properties be in gitignore for a react native project to hide release password?

Question

I'm working on a react native app on windows. To be able to generate a signed release apk I've added MYAPP_RELEASE_STORE_PASSWORD=*** and MYAPP_RELEASE_KEY_PASSWORD=*** to my /projectname/android/gradle.properties file (Like it says so here). Now I wonder if I should add the file to gitignore to prevent it from being uploaded to github, or is there a way to store the password in a different file?

Check this link in the documentation: http://stackoverflow.com/documentation/android-gradle/5249/configure-signing-settings#t=201702081442045666847 There are a lot of way to handle the file which stores the password. — Gabriele Mariotti, Feb 08 '17 at 14:42

score 10 · Answer 1 · edited Feb 28 '22 at 19:37

I found the solution for storing the passwords in a separate file here: Sign APK without putting keystore info in build.gradle

In build.gradle add:

// Load keystore
def keystorePropertiesFile = rootProject.file("keystores/release.keystore.properties");
def keystoreProperties = new Properties()
keystoreProperties.load(new FileInputStream(keystorePropertiesFile))

And a bit further down:

signingConfigs { 
    release { 
        storeFile file(keystoreProperties['MYAPP_RELEASE_STORE_FILE'])
        storePassword keystoreProperties['MYAPP_RELEASE_STORE_PASSWORD']
        keyAlias keystoreProperties['MYAPP_RELEASE_KEY_ALIAS']
        keyPassword keystoreProperties['MYAPP_RELEASE_KEY_PASSWORD']
    }
}

And then add release.keystore.properties to the .gitignore file defined like so:

MYAPP_RELEASE_STORE_FILE=x
MYAPP_RELEASE_STORE_PASSWORD=y
MYAPP_RELEASE_KEY_ALIAS=z
MYAPP_RELEASE_KEY_PASSWORD=t

(Sorry for answering my own question, I hate doing that..)

So what is the content inside `keystores/release.keystore.properties` ? Is it these? MYAPP_RELEASE_STORE_FILE=myapp-release-key.keystore MYAPP_RELEASE_KEY_ALIAS=myapp-key-alias MYAPP_RELEASE_STORE_PASSWORD=password MYAPP_RELEASE_KEY_PASSWORD=password — vzhen, Dec 31 '17 at 12:06

score 0 · Answer 2 · answered Feb 08 '17 at 14:34

You can add that information to your super gradle.properties file on ${HOME}/.gradle/gradle.properties and it should be ready for you.

You can also rename those properties on the app/build.gradle and use different ones for different projects if required.

For example, my project FOO has

112         release {
113             storeFile file(FOO_RELEASE_STORE_FILE)
114             storePassword FOO_RELEASE_STORE_PASSWORD
115             keyAlias FOO_RELEASE_KEY_ALIAS
116             keyPassword FOO_RELEASE_KEY_PASSWORD
117         }

And on my ${HOME}/.gradle/gradle.properties I have:

1 FOO_RELEASE_STORE_FILE=foo-release-key.keystore
2 FOO_RELEASE_KEY_ALIAS=foo.android
3 FOO_RELEASE_STORE_PASSWORD=******************
4 FOO_RELEASE_KEY_PASSWORD=***************

But the issue with this is that when you use windows ´${HOME}/.gradle/gradle.properties´ doesn't seem to exist (described also on the linked blogpost). — Niels, Feb 08 '17 at 14:58

score 0 · Answer 3 · answered May 02 '20 at 01:13

0

You can create ${HOME}/.gradle/gradle.properties, as it doesn't exist by default, at least on Windows.

Put the key there exactly as you would in your project gradle.properties. You can see the order of precedence here.

answered May 02 '20 at 01:13

Tad Venture

13
3

Should gradle.properties be in gitignore for a react native project to hide release password?

3 Answers3