Android Gradle - load signing config from external file

Question

In Gradle for Android it seems to be commons practice to define your signing config for release build like this:

android {
    signingConfigs {
        debu         


        

Answer 1

I use something like this.

I have a signing.properties in my app root folder.

STORE_FILE=xxxx
STORE_PASSWORD=xxx
KEY_ALIAS=xxx
KEY_PASSWORD=xxx

This file is not on under version control. Of course you can change folder.

Then in your build.gradle you can use something like this:

 android {

        signingConfigs {
            release
        }

        buildTypes {
                release {
                    signingConfig signingConfigs.release
                }     
        }
    }

    def Properties props = new Properties()
    def propFile = file('../signing.properties')
    if (propFile.canRead()){
        props.load(new FileInputStream(propFile))

        if (props!=null && props.containsKey('STORE_FILE') && props.containsKey('STORE_PASSWORD') &&
                props.containsKey('KEY_ALIAS') && props.containsKey('KEY_PASSWORD')) {

            android.signingConfigs.release.storeFile = file(props['STORE_FILE'])
            android.signingConfigs.release.storePassword = props['STORE_PASSWORD']
            android.signingConfigs.release.keyAlias = props['KEY_ALIAS']
            android.signingConfigs.release.keyPassword = props['KEY_PASSWORD']
        } else {
            android.buildTypes.release.signingConfig = null
        }
    }else {
        android.buildTypes.release.signingConfig = null
    }

If you change the folder, you have to change this line:

 def propFile = file('../signing.properties')

Answer 2

For Groovy (build.gradle)

Put a file signing.properties where the module specific build.gradle is found. Don't forget to add it to your .gitignore file!

signing.properties

storeFilePath=/home/willi/example.keystore
storePassword=secret
keyPassword=secret
keyAlias=myReleaseSigningKey

build.gradle

android {
    // ...
    signingConfigs{
        release {
            def props = new Properties()

            def fileInputStream = new FileInputStream(file('../signing.properties'))
            props.load(fileInputStream)
            fileInputStream.close()

            storeFile = file(props['storeFilePath'])
            storePassword = props['storePassword']
            keyAlias = props['keyAlias']
            keyPassword = props['keyPassword']
        }
    }

    buildTypes {
        release {
            signingConfig signingConfigs.release
            // ...
        }
    }
}

Answer 3

You can move your sensitive details to a separate signing file and have gradle load those in.

Here's a good article on how to do it

Answer 4

For Kotlin Script (build.gradle.kts)

Put a file signing.properties where the module specific build.gradle.kts is found. Don't forget to add it to your .gitignore file!

signing.properties

storeFilePath=/home/willi/example.keystore
storePassword=secret
keyPassword=secret
keyAlias=myReleaseSigningKey

build.gradle.kts

android {
    // ...
    signingConfigs {
        create("release") {
            val properties = Properties().apply {
                load(File("signing.properties").reader())
            }
            storeFile = File(properties.getProperty("storeFilePath"))
            storePassword = properties.getProperty("storePassword")
            keyPassword = properties.getProperty("keyPassword")
            keyAlias = "release"
        }
    }

    buildTypes {
        getByName("release") {
            signingConfig = signingConfigs.getByName("release")
            // ...
        }
    }
}