Android Coder: Using Gradle Signing Plugin to Hide Credentials

Like most developers I use generic credentials with signing keys for Open Source projects, but I still don't want them displayed on GitHub as a matter of principle if for no other reason.

In this post we'll cover how I used the Gradle Signing Plugin to hide my API Key Signing Configuration on the GitHub NixMashupLinks repo. As you will see, the actual credentials are stored in a gradle.properties file in my home .gradle folder.

Before we see how nifty the Gradle Signing Plugin is, let's look at another way of hiding credentials: using a project properties file. Project properties files are great, but you'll see that using the Signing Plugin is much simpler.

To use a Project Properties file we first list it in our gradle.properties file. Something like:

NixMashupLinks.properties=/home/daveburke/.gradle/nixmashuplinks.properties

Our nixmashuplinks.properties file is like any other .properties file.

myKeyPassword=myPassword
myStorePassword=myPassword

What I don't like about using a Properties file is that our build.gradle gets ugly really fast.

With the Gradle Signing Plugin we can get rid of all of the project properties inspection and file loading logic.

Nice, eh? Simply add apply plugin: 'signing' and replace the actual credentials with gradle.properties strings. Our gradle.properties file (located in your /home/username/.gradle folder) looks just like our project properties file earlier.

myKeyPassword=myPassword
myStorePassword=myPassword

To build NixMashupLinks you'll need to remember to create your own gradle.properties file like the one above in your home .gradle directory.
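
The signing setup described above, sketched as an added example (it is not the NixMashupLinks build.gradle). The keystore file name and key alias are placeholders; myStorePassword and myKeyPassword are the property names from the gradle.properties listing above. It also covers the case where someone clones the repo without creating their own gradle.properties.

```groovy
// Added example: signing-related parts of app/build.gradle.
apply plugin: 'com.android.application'
apply plugin: 'signing'   // the step described in this post

// Gradle loads ~/.gradle/gradle.properties and exposes its entries as
// project properties, so no password ever appears in the repository.
def hasSigningProps = project.hasProperty('myStorePassword') &&
                      project.hasProperty('myKeyPassword')

android {
    signingConfigs {
        release {
            if (hasSigningProps) {
                storeFile file('release.keystore')   // placeholder path
                storePassword project.property('myStorePassword')
                keyAlias 'releaseKey'                // placeholder alias
                keyPassword project.property('myKeyPassword')
            }
        }
    }

    buildTypes {
        release {
            if (hasSigningProps) {
                signingConfig signingConfigs.release
            } else {
                // Fresh clone without the properties: debug builds still
                // work, and the release build is simply left unsigned.
                logger.warn('myStorePassword/myKeyPassword not found in ' +
                            '~/.gradle/gradle.properties; release build ' +
                            'will be unsigned.')
            }
        }
    }
}
```

Keep the keystore file itself out of version control as well (for example by listing it in .gitignore).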

Now as you can see, our application's build.gradle file on GitHub sufficiently hides our API key credential passwords, however generic they may be.

Android Coder Notes for this Post

The Gradle Signing Plugin was first implemented in the NixMashupLinks Repository Version 1.2 Branch.

Posted December 09, 2014 03:04 PM EST
