Android: why signing configs in Gradle require clear passwords?

https://stackoverflow.com/questions/22616757

passwords
android
signing
gradle
android-gradle-plugin

20-06-2023
|

Question

There must be something I am missing.

It looks like in order to sign a release APK in Android Studio, you need to hardcode in the Gradle configuration file your signature password and the exact location of your signature file.

Is this really secure?

In Eclipse I was always asked to type the password, and I prefered that way.

Solution

you need to hardcode in the Gradle configuration file your signature password

No. You need to supply build.gradle with the keystore password. You can supply that via an environment variable, a separate properties file (e.g., one that is not committed as part of a repo), or any other means you choose that Groovy can handle.

In Eclipse I was always asked to type the password, and I prefered that way.

You can do that too.

Licensed under: CC-BY-SA with attribution

Not affiliated with StackOverflow