Skip to content

Android Keystore and Signing Keys

Jump to bottom
Spaccesi edited this page Mar 4, 2026 · 1 revision

Remember, documentation is king. For the full official reference, see Sign your app — Android Developers.

This guide walks you through generating an Android upload keystore and securely storing the signing credentials as GitHub repository secrets.

Prerequisites

  • Java Development Kit (JDK) installed — keytool is bundled with the JDK
  • Access to your GitHub repository settings

Step 1 — Generate a Keystore

Run the following command to create a new keystore file:

keytool -genkeypair \
  -v \
  -keystore upload-keystore.jks \
  -keyalg RSA \
  -keysize 2048 \
  -validity 10000 \
  -alias upload

You will be prompted to:

  1. Set a keystore password — save this, you will need it later
  2. Set a key password — save this as well
  3. Fill in identity fields (name, organization, etc.)

The -alias value (upload in this example) is the key alias you will need later.

Step 2 — Verify the Keystore

Confirm the keystore was created successfully and check its contents:

keytool -list -v -keystore upload-keystore.jks

Take note of the alias name shown in the output — this is your android-key-alias.

Step 3 — Encode the Keystore with Base64

Convert the keystore file into a Base64 string so it can be stored as a secret:

# macOS
base64 -i upload-keystore.jks | pbcopy

# Linux
base64 -w 0 upload-keystore.jks | xclip -selection clipboard

The Base64 string is now in your clipboard.

Step 4 — Store Secrets in GitHub

Go to Your repository > Settings > Secrets and variables > Actions and create the following secrets:

Secret name Value
ANDROID_STORE_FILE_BASE64 The Base64 string from Step 3
ANDROID_STORE_PASSWORD The keystore password from Step 1
ANDROID_KEY_ALIAS The key alias (e.g., upload)
ANDROID_KEY_PASSWORD The key password from Step 1

Step 5 — Use the Secrets in Your Workflow

Reference the secrets in your GitHub Actions workflow:

- name: Build Android
  uses: Spaccesi/flutter-actions-suite/build/android@main
  with:
    android-store-file-base64: ${{ secrets.ANDROID_STORE_FILE_BASE64 }}
    android-store-password: ${{ secrets.ANDROID_STORE_PASSWORD }}
    android-key-alias: ${{ secrets.ANDROID_KEY_ALIAS }}
    android-key-password: ${{ secrets.ANDROID_KEY_PASSWORD }}

Summary

Step Action
1 Generate a keystore with keytool
2 Verify the keystore and note the alias
3 Encode the keystore file with Base64
4 Store all four values as GitHub secrets
5 Reference the secrets in your workflow

@

Clone this wiki locally