Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Good location for Android Keystore?

Tags:

android

Are there any guidelines for what the location of the Android keystore "should" be? I'm ready to release my first app and in Export Android Application I'm creating a new keystore it wants me to specify the location.

FWIW my Eclipse Workspace is on a shared network drive and I access it from any of 3 different development systems. I've had no problems doing this. The default location that came up for the keystore location seemed to be in the SDK directory tree, but that won't work for me because each PC has its own copy of the SDK installed. I need it to be in a location which can be seen from any PC that I might be doing development work from, so I assume that means the network drive or some virtual location in the cloud.

Are there guidelines, rules, restrictions or other things I need to know about the location the keystore?

like image 724
Peter Nelson Avatar asked Mar 08 '11 02:03

Peter Nelson


People also ask

Where should I store my keystore?

If you're worried about security, remember that both the keystore and individual keys within it can (and should) be password protected. My keystore is in the root of my android eclipse workspace, which is also the root directory of the git repository I use for version control.

Where is the Android keystore located?

The default location is /Users/<username>/. android/debug. keystore.

What is the keystore path?

keystore file stored in one of the following locations: ~/. android/ on OS X and Linux. C:\Documents and Settings\ user \.

Is Android keystore safe?

The Android Keystore provides APIs to perform cryptographic operations within this trusted environment and receive the result. It was introduced in API 18 (Android 4.3). A strongbox backed Android Keystore is currently the most secure and recommended type of keystore.


2 Answers

As long as it's somewhere safe (i.e. backed up remotely in source control or by some other method) it doesn't really matter. If you lose the keystore somehow then you'll no longer be able to update your app on the android market and will be forced to remove it and re-upload it as a new app signed with a new key.

If you're worried about security, remember that both the keystore and individual keys within it can (and should) be password protected.

My keystore is in the root of my android eclipse workspace, which is also the root directory of the git repository I use for version control. Seeing as you are developing on multiple machines and would potentially want to do a release from any one of them, I'd suggest doing the same.

like image 156
David Underwood Avatar answered Oct 07 '22 18:10

David Underwood


I wish that github had a built-in tool to support storing the occasional private file for a public open source repo. This is important for certificates and keystores that are associated with source code, but shouldn't be publicly viewable.

Ideally, github would have some sort of keystore repo that would act like a mini-private repo. That way, you could put your private keystores in a private repo, and only share them with accounts who should be allowed to manage your Google Play and iTunes Connect accounts.

Until that day, I've taken to storing my keystore files in a free private repo on bitbucket, and then putting a link to the bitbucket repo in my github opensource repo. That way, it won't get lost since anyone who can check out the source can see where the keystore is, but it also isn't publicly available.

Github, if you're listening, I think supporting a very restricted, free, private repo just for keystores would be a great service to the open source mobile app community.

like image 45
emmby Avatar answered Oct 07 '22 17:10

emmby