Hello everyone,
I’m currently building an Android Flutter app using a CI/CD pipeline and facing a challenge with securely managing my keystore (.jks
) file.
In my setup, I’m storing the .jks
file in Google Secret Manager. During the build process, my script fetches the keystore file from Secret Manager and uses it for signing the build. Here’s a summary of my current workflow:
gcloud secrets versions access latest
).I want to ensure that this approach adheres to best practices for security and maintainability. Specifically, I’d like to know:
.jks
files in CI/CD pipelines?Looking forward to hearing your thoughts and experiences.
Thanks in advance!
Best Regards.,
Karpaga Selvan
Online forums and learning are now in one easy-to-use experience.
By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.