Skip to main content

Managing Android keystore files

Abstract

You can create and upload Android keystore files to Bitrise for the purposes of Android code signing, using the Bitrise API. Your account must be an owner or an admin on the app's team to access these features.

This guide describes how to manage your Android keystore files with the Bitrise API. If you’d like to learn more about how to do the same on the UI, please check out Android code signing.

Table 1. Endpoints related to Android keystore files

Endpoints

Function

Required role on the app's team

GET/apps/{app-slug}/android-keystore-files

Get a list of Android keystore files

Owner or Admin

POST/apps/{app-slug}/android-keystore-files

Create an Android keystore file

Owner or Admin

DELETE/apps/{app-slug}/android-keystore-files/{android-keystore-file-slug}

Delete an Android keystore file

Owner or Admin


Listing the Android keystore files of an app

Required role

You must have an admin or owner role on the app's team to manage Android keystore files using the Bitrise API.

For a complete list of user roles and role cheatsheets, check User roles on app teams.

Retrieve a list of the Android keystore files of an app with the GET method of the android-keystore-files endpoint. The returned data includes, among other things, the names of the files, their size, as well as their current status.

The required parameter is:

  • app slug

Optional parameters are:

  • next: slug of the first file in the response (as a string)

  • limit: max number of elements per page (as an integer) where the default is 50.

Example 1. Getting all Android keystore files of an app

Request:

curl -X GET -H  'Authorization: THE-ACCESS-TOKEN' 'https://api.bitrise.io/v0.1/apps/APP-SLUG/android-keystore-files'

Response:

{
  "data": [
    {
      "upload_file_name": "simplesample.jks",
      "upload_file_size": 2062,
      "slug": "01GDFZW5DZED3DQD4VK835FKTP",
      "processed": true,
      "is_expose": true,
      "is_protected": false,
      "user_env_key": "ANDROID_KEYSTORE",
      "exposed_meta_datastore": {
        "PASSWORD": "",
        "ALIAS": "",
        "PRIVATE_KEY_PASSWORD": ""
      }
    }
  ],
  "paging": {
    "total_item_count": 1,
    "page_item_limit": 50
  }

Creating and uploading Android keystore files

Required role

You must have an admin or owner role on the app's team to manage Android keystore files using the Bitrise API.

For a complete list of user roles and role cheatsheets, check User roles on app teams.

To add an Android keystore file to your app using the API, you will need to:

  1. Call the POST method of the android-keystore-files endpoint with the upload_file_name and upload_file_size parameters.

  2. Upload the file to AWS using the upload_url parameter from the response.

  3. Confirm the file upload with a POST call of the uploaded endpoint.

    This sets the processed flag of the file to true. This flag can't be changed again afterwards!

Example 1. Creating and uploading a new Android keystore file

Creating the file:

curl -X POST -H 'Authorization: THE-ACCESS-TOKEN' 'https://api.bitrise.io/v0.1/apps/APP-SLUG/android-keystore-files' -d '{"upload_file_name":"simplesample.jks","upload_file_size":2062}'

Response:

{
  "data": {
    "upload_file_name": "simplesample.jks",
    "upload_file_size": 2062,
    "slug": "01GDFYTF2DXZZSWGMCF0ZTVSB9",
    "processed": false,
    "is_expose": true,
    "is_protected": false,
    "upload_url": "https://concrete-userfiles-production.s3.us-west-2.amazonaws.com/project_file_storage_documents/uploads/129261/original/simplesample.jks?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIV2YZWMVCNWNR2HA%2F20220921%2Fus-west-2%2Fs3%2Faws4_request&X-Amz-Date=20220921T120206Z&X-Amz-Expires=600&X-Amz-SignedHeaders=content-length%3Bhost&X-Amz-Signature=ce3c66fa144ba6ca9478cff3b72c49e024779f64ba961ddfc84060f65ea92562",
    "user_env_key": "ANDROID_KEYSTORE",
    "exposed_meta_datastore": {
      "PASSWORD": "",
      "ALIAS": "",
      "PRIVATE_KEY_PASSWORD": ""
    }
  }
}

The file name, its size, slug, and a pre-signed upload URL are retrieved (along with some attributes that you can modify). This pre-signed upload URL is a temporary link which you will use to upload the Android keystore file to its destination.

Uploading the file to AWS using the value of the upload_url parameter:

curl -T simplesample.jks 'https://concrete-userfiles-production.s3-us-west-2.amazonaws.com/build_certificates/uploads/30067/original/certs.p12?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Content-Sha256=UNSIGNED-PAYLOAD&X-Amz-Credential=AKIAIOC7N256G7J2W2TQ%2F20180216%2Fus-west-2%2Fs3%2Faws4_request&X-Amz-Date=20180216T124240Z&X-Amz-Expires=600&X-Amz-SignedHeaders=content-length%3Bhost&X-Amz-Signature=2bf42176650f00405abfd7b7757635c9be16b43e98013abb7f750d3c658be28e'

Confirming the upload:

curl -X POST -H 'Authorization: THE-ACCESS-TOKEN' 'https://api.bitrise.io/v0.1/apps/APP-SLUG/android-keystore-files/ANDROID-KEYSTORE-FILE-SLUG/uploaded'

Downloading an Android keystore file

Uploaded Android keystore files are stored in the General File Storage. You can retrieve them at any time by getting the download URL from the generic-project-files endpoint.

To call the endpoint, you need the file slug returned when uploading the keystore file and the app slug.

curl -X GET "https://api.bitrise.io/v0.1/apps/APP-SLUG/generic-project-files/FILE-SLUG" -H "accept: application/json" -H "Authorization: ACCESS-TOKEN"

The response will contain a download_url property, containing the URL in a string. You can use that URL to download the file itself.