Just a heads up: On March 24, 2025, starting at 4:30pm CDT / 19:30 UTC, the site will be undergoing scheduled maintenance for a few hours. During this time, the site might be unavailable for a short while. Thanks for your patience.

×
Create
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Best Practices for Managing Keystore Files in CI/CD Pipelines for Android Flutter Apps

Karpaga Selvan
Karpaga Selvan December 31, 2024

Hello everyone,

I’m currently building an Android Flutter app using a CI/CD pipeline and facing a challenge with securely managing my keystore (.jks) file.

In my setup, I’m storing the .jks file in Google Secret Manager. During the build process, my script fetches the keystore file from Secret Manager and uses it for signing the build. Here’s a summary of my current workflow:

  1. Store the keystore file in Google Secret Manager as a secret.
  2. Fetch the keystore during the build using a Google Cloud command (gcloud secrets versions access latest).
  3. Use it in the Android build process.

I want to ensure that this approach adheres to best practices for security and maintainability. Specifically, I’d like to know:

  • Are there alternative or better ways to handle .jks files in CI/CD pipelines?
  • How do others in the community manage their keystore files securely while building Android apps?
  • Any tips to improve or further secure this workflow?

Looking forward to hearing your thoughts and experiences.

Thanks in advance!

 

Best Regards.,

Karpaga Selvan

Answer
Watch
Like Be the first to like this
297 views

0 answers

Suggest an answer

Log in or Sign up to answer
Bitbucket
Bitbucket
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
STANDARD
TAGS
AUG Leaders

Upcoming Bitbucket Events