AndroidStudio Security Management signature file keystroe and signature password (Starling brother)

AndroidStudio Security Management signature file keystroe and signature password (Starling brother)
When we use AndroidStudio to sign the release apk, The keystore of the signature file is usually put in the project, and the password is written in build. in gradle, The keystore and password are uploaded to the Git repository along with the code, which is often insecure because it is obtained by people.

This is to modify the build. gradle signature configuration in the previous app.

So how can we manage our keystore and password more securely? Today, I will teach you how to implement keystroe security management.
First, create a "keystore. properties" file under the project, and configure the absolute path, password, alias, and other information of keystroe.

Next, we will configure the signature information in build. gradle in three steps.

Modified Configuration

The preceding three steps are as follows:

Step 1: create a file input stream FileInputStream to obtain the keystore. properties file stream

Step 2: Get the configuration content of keystore. properties through the input stream

Article 3: reference signature

How can this problem be shown to be safer than before? Is there another step to do? Set keystore. properties is added to ignore so that keystore is not uploaded. the properties file is sent to the git repository, which isolates the sensitive signature information from the code uploaded to the git repository, so that our signature information is secure.