Before publishing to the Google Play Store you need to have a digital signature for your app.

If someone were able to get your login details, they still would not be able to upload a new release of your app, because only you have the keystore on your computer.

It's really simple and can be done in under 5 minutes.

The command you need is:

Windows:

keytool -genkey -v -keystore c:\Users\USER_NAME\key.jks -storetype JKS -keyalg RSA -keysize 2048 -validity 10000 -alias key

Mac/Linux:

keytool -genkey -v -keystore ~/key.jks -keyalg RSA -keysize 2048 -validity 10000 -alias key

If the keytool command isn't available in your command prompt, you might need to add it to your PATH, or you can go directly to the location of keytool.exe and execute it from there.

cd C:\Program Files\Java\jdk1.8.0_172\bin

Now that you are in the Java bin directory, you should see a program called keytool.exe. You should be able to run the keytool command from this location.

You can change where the key.jks file is saved. This key can be used for multiple apps, so saving it in a central location might be a good idea. DO NOT SAVE TO SOURCE CONTROL!!! That would defeat the purpose of signing.

Now that we have the key.jks file, we need to include it in our app.

Create a file in the android root folder named key.properties with this:

storePassword=<password from previous step>
keyPassword=<password from previous step>
keyAlias=key
storeFile=<location of the key store file, such as /Users/<user name>/key.jks>

This file holds the key alias, the keystore location and the passwords, which the build will read in the next step.

Go to the android/app/build.gradle file and include this before the android {} block of code.

def keystoreProperties = new Properties()
def keystorePropertiesFile = rootProject.file('key.properties')
if (keystorePropertiesFile.exists()) {
    keystoreProperties.load(new FileInputStream(keystorePropertiesFile))
}

As mentioned before, this code loads the key.properties file when building.

Last but not least we need to add this before the buildTypes{} block of code:

signingConfigs {
    release {
        keyAlias keystoreProperties['keyAlias']
        keyPassword keystoreProperties['keyPassword']
        storeFile keystoreProperties['storeFile'] ? file(keystoreProperties['storeFile']) : null
        storePassword keystoreProperties['storePassword']
    }
}

And that's all. Whenever we build our application in release mode, the app will be signed automatically without us having to do anything. Just make sure not to move or delete the key.jks file from the directory you saved it in.
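The warning above about source control applies to key.properties as well, since it holds both passwords in plain text. The following check is an added example, not part of the original post: it verifies the four key.properties entries, that git ignores the file, and that the keystore sits outside the repository. It assumes the repository root (the folder containing android/) is passed as the first argument and that storeFile is an absolute path; the function names `prop` and `check_signing` are made up for this example.

```shell
#!/bin/sh
# Added example. Assumptions: $1 is the repository root containing android/,
# and storeFile in key.properties is an absolute path as in the post.

# Print the value of key $2 from properties file $1 (first match only).
prop() {
    sed -n "s/^$2=//p" "$1" | head -n 1
}

# Return 0 if the signing files look safe to build with, 1 otherwise.
check_signing() {
    root=$(cd "$1" && pwd -P) || return 1
    props="$root/android/key.properties"
    [ -f "$props" ] || { echo "missing: $props"; return 1; }
    rc=0

    # All four entries from the post must be present and non-empty.
    for k in storePassword keyPassword keyAlias storeFile; do
        [ -n "$(prop "$props" "$k")" ] || { echo "missing or empty: $k"; rc=1; }
    done

    # key.properties holds both passwords, so git must ignore it.
    # Literal-line check only: accepts "key.properties" or "**/key.properties".
    if ! cat "$root/.gitignore" "$root/android/.gitignore" 2>/dev/null |
            grep -Eqx '(\*\*/)?key\.properties'; then
        echo "key.properties is not listed in .gitignore"; rc=1
    fi

    # The keystore must exist and live outside the repository tree.
    store=$(prop "$props" storeFile)
    if [ -n "$store" ] && [ ! -f "$store" ]; then
        echo "keystore not found: $store"; rc=1
    elif [ -n "$store" ]; then
        dir=$(cd "$(dirname "$store")" && pwd -P)
        case "$dir/" in
            "$root"/*) echo "keystore is inside the repository: $store"; rc=1 ;;
        esac
    fi
    return "$rc"
}
```

Source the file and call `check_signing /path/to/repo` before a release build or from a pre-commit hook; a non-zero return means at least one finding was printed.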