Coffee and Space

Keep a debug keystore in your repository


Every now and then I come across SDKs that use your app signing key to identify you as a legitimate user. You may have been in this situation before: You just added a fancy Google Map to your application, configured the key fingerprint in the API console and checked in your code, only to get a bug report from your coworker, who is only seeing a blank screen when they compile and run your app.

When you install Android Studio, it creates one keystore in ~/.android/debug.keystore and uses this to sign debug builds for all your projects. That’s the reason your coworker doesn’t see the map: Their key is different from yours, and needs to be added to the API console as well.

There’s a simpler way though, that doesn’t require changing your configuration for every team member: Keep a project specific keystore in your source control and share it with the whole team. You can generate a new key using the Build > Generate Signed Bundle / APK dialog, place it in your project root, and configure it in your build.gradle:

android {
  signingConfigs {
    debug {
      storeFile rootProject.file('debug.keystore')
      keyAlias 'key0'

Now there’s only one fingerprint to configure for everyone. If you only use this key for debug builds (which you should!), there’s not even a need to hide the key password from your build.gradle. New team members can just check out the code and get started right away. Just make sure to never ever use this keystore for release builds!

If you unsure about your configured signing key/fingerprint, the :app:signingReport Gradle task has all the details.