Generating a keystore

You can create a keystore for signing your release builds with the Java Keytool utility by running the following command:

keytool -genkey -v -keystore codemagic.keystore -storetype JKS -keyalg RSA -keysize 2048 -validity 10000 -alias codemagic

Keytool then prompts you to enter your personal details for creating the certificate, as well as provide passwords for the keystore and the key. It then generates the keystore as a file called codemagic.keystore in the directory you’re in. The key is valid for 10,000 days.

Warning: Keep the keystore and the key.properties files private; do not check them into public source control.

Signing Android apps using Gradle

Modify your android/app/build.gradle as follows:

...
  android {
      ...
      defaultConfig { ... }
      signingConfigs {
          release {
              if (System.getenv()["CI"]) { // CI=true is exported by Codemagic
                  storeFile file(System.getenv()["CM_KEYSTORE_PATH"])
                  storePassword System.getenv()["CM_KEYSTORE_PASSWORD"]
                  keyAlias System.getenv()["CM_KEY_ALIAS"]
                  keyPassword System.getenv()["CM_KEY_PASSWORD"]
              } else {
                  keyAlias keystoreProperties['keyAlias']
                  keyPassword keystoreProperties['keyPassword']
                  storeFile keystoreProperties['storeFile'] ? file(keystoreProperties['storeFile']) : null
                  storePassword keystoreProperties['storePassword']
              }
          }
      }
      buildTypes {
          release {
              ...
              signingConfig signingConfigs.release
          }
      }
  }
  ...

Configuring Environment variables

The environment variables referenced by the build.gradle need to be stored in the Codemagic UI. A detailed explanation on how Environment variables and groups work can be found here.

The keystore file, like all binary files, has to be base64 encoded before storing its value.

For Linux machines, we recommend installing xclip:

sudo apt-get install xclip
cat codemagic.keystore | base64 | xclip -selection clipboard

Alternatively, you can run the following command and carefully copy/paste the output:

openssl base64 -in codemagic.keystore
Tip: When copying file contents always include any tags. e.g. Don’t forget to copy -----BEGIN PRIVATE KEY----- and -----END PRIVATE KEY----- too.

On macOS, running the following command base64 encodes the file and copies the result to the clipboard:

cat codemagic.keystore | base64 | pbcopy

For Windows, the PowerShell command to base64 encode a file and copy it to the clipboard is:

[Convert]::ToBase64String([IO.File]::ReadAllBytes("codemagic.keystore")) | Set-Clipboard
  1. Open your Codemagic app settings, go to Environment variables tab.
  2. Enter CM_KEYSTORE as the Variable name.
  3. Paste the base64 encoded value of the keystore file in the Variable value field.
  4. Enter a variable group name, e.g. keystore_credentials. Click the button to create the group.
  5. Make sure the Secure option is selected so that the variable can be protected by encryption.
  6. Click the Add button to add the variable.
  7. Continue by adding CM_KEYSTORE_PASSWORD, CM_KEY_ALIAS and CM_KEY_PASSWORD
  8. Add the CM_KEYSTORE_PATH variable with the value $CM_BUILD_DIR/codemagic.keystore
Tip: Store all the keystore variables in the same group so they can be imported to codemagic.yaml workflow at once.

Environment variables have to be added to the workflow either individually or as a group. Modify your codemagic.yaml file by adding the following:

workflows:
  android-workflow:
    name: Android Workflow
    # ....
    environment:
        groups:
            - keystore_credentials

Environment variables added with the Secure option checked are transferred to the build machine encrypted and are available only while the build is running. The build machine is destroyed at the end.

The content of the base64 encoded files needs to be decoded before it can be used. Add the following script to your codemagic.yaml scripts section:

workflows:
  android-workflow:
    # ....
    environment:
        # ....
    scripts:
      - name: Set up keystore
        script: |
     echo $CM_KEYSTORE | base64 --decode > $CM_KEYSTORE_PATH