Just a heads up: On March 24, 2025, starting at 4:30pm CDT / 19:30 UTC, the site will be undergoing scheduled maintenance for a few hours. During this time, the site might be unavailable for a short while. Thanks for your patience.
×Hello everyone,
I’m currently building an Android Flutter app using a CI/CD pipeline and facing a challenge with securely managing my keystore (.jks
) file.
In my setup, I’m storing the .jks
file in Google Secret Manager. During the build process, my script fetches the keystore file from Secret Manager and uses it for signing the build. Here’s a summary of my current workflow:
gcloud secrets versions access latest
).I want to ensure that this approach adheres to best practices for security and maintainability. Specifically, I’d like to know:
.jks
files in CI/CD pipelines?Looking forward to hearing your thoughts and experiences.
Thanks in advance!
Best Regards.,
Karpaga Selvan