How to Not Lose Your Keystore or Keystore Password

Have you ever lost your keystore? Or run into the message "Keystore was tampered with, or password was incorrect"?

I think it is such a common problem that Google released a feature called Google Play App Signing. But we will not use it this time because it has a constraint: your app must be released through Google Play.

So the answer is simple: put it in your repository.

If your company or the place where you work restricts such an action, then you must stop reading this.

And also I don't think this is a good idea if you have a public repository.

You can include it in your code repository, such as Git. Then you can create the signingConfigs configuration in your build.gradle like this:

signingConfigs {
    release {
        // Each value is a Gradle property defined in gradle.properties
        storeFile file(certificateLocation)
        storePassword certificateStorePassword
        keyAlias certificateKeyAlias
        keyPassword certificateKeyPassword
    }
}

Don't forget to include it in your build type.

release {  
    signingConfig signingConfigs.release
    ...
}

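Then put your config values in your gradle.properties. This helps when you don't want to store your password in your repo, as long as the gradle.properties file that holds the passwords is itself kept out of version control (for example, the user-level ~/.gradle/gradle.properties). As an alternative, you can use a system environment variable.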

certificateLocation=../my.key  
certificateStorePassword=YOUR_PASSWORD  
certificateKeyAlias=YOUR_ALIAS  
certificateKeyPassword=YOUR_KEY_PASSWORD  
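
One way to wire up the environment-variable alternative mentioned above, as an added example (not code from the original post): each value is read from a Gradle property first and from an environment variable otherwise. The SIGNING_* variable names are assumptions, and the snippet assumes it lives in the app module's build.gradle with the Android Gradle plugin applied.

```groovy
// Added example. Property names are the ones used in this post;
// the SIGNING_* environment variable names are assumptions.
def signingSources = [
    certificateLocation     : 'SIGNING_STORE_FILE',
    certificateStorePassword: 'SIGNING_STORE_PASSWORD',
    certificateKeyAlias     : 'SIGNING_KEY_ALIAS',
    certificateKeyPassword  : 'SIGNING_KEY_PASSWORD',
]

// Gradle property first (gradle.properties or -P), then environment variable.
def signing = signingSources.collectEntries { prop, env ->
    [(prop): project.findProperty(prop) ?: System.getenv(env)]
}
def missing = signing.findAll { !it.value }.keySet()

android {
    signingConfigs {
        release {
            // Leave the config empty when values are absent so debug builds
            // still configure on machines that do not hold the secrets.
            if (missing.isEmpty()) {
                storeFile file(signing.certificateLocation)
                storePassword signing.certificateStorePassword
                keyAlias signing.certificateKeyAlias
                keyPassword signing.certificateKeyPassword
            }
        }
    }
    buildTypes {
        release {
            signingConfig signingConfigs.release
        }
    }
}

// Fail early, naming what is missing (never the values), when a release
// artifact is actually requested.
gradle.taskGraph.whenReady { graph ->
    def releaseRequested = graph.allTasks.any {
        it.name ==~ /(assemble|bundle|package).*Release.*/
    }
    if (releaseRequested && !missing.isEmpty()) {
        throw new GradleException("Release signing values not set: ${missing.join(', ')}")
    }
}
```

On a CI server the four variables would come from the server's secret store, so the passwords never need to appear in a committed file.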

Besides keeping your keystore and keystore password safe, it is also handy if you are working in a team where everyone can build a release APK, or when you use CI/CD.

Keep in mind that the best use case for this is if you have a private repository and a CI server on your own machine. That's it for me. Ciao 👋