# Android code signing using the Android Sign Step

You can create a signed APK using the Android Sign Step in your Bitrise Workflow. This Step is configured to run if you have already uploaded your keystore file on the Code signing tab of the Workflow Editor.

The Android Sign Step is not required if signing is configured in your project’s bundle.gradle file. If so, running the Android Build Step (or the Gradle Runner Step) signs the output (APK or AAB) automatically. Nevertheless, we recommend that you use the Android Sign Step to sign your project in an easy and secure way.

### jarsign and apksigner

APKs can be signed with either jarsigner or apksigner. For APKs, if you wish to use apksigner to sign your project, then in the Android Sign Step you have to first set the Enables apksigner input to true and leave the APK Signature Scheme input on automatic. This way apksigner checks your APK’s minimum and target SDK versions and chooses the required schemes. It signs your project with V1 scheme if your minimum supported version is low and it also signs with other schemes for newer systems.

Please note that AAB files can only be signed with jarsigner. The Step uses jarsigner if it detects a file ending with .aab

1. Open your app on Bitrise.

2. Go to the Workflow tab.

3. Go to Code Signing > Android Code Signing.

4. Drag-and-drop your keystore file to the Upload file field of the ANDROID KEYSTORE FILE section.

5. Fill out the displayed three input fields with your credentials:

• Keystore alias

When you have successfully uploaded a keystore file to the ANDROID KEYSTORE FILE section, Bitrise will automatically export the following Environment Variables based on your input:

• $BITRISEIO_ANDROID_KEYSTORE_ALIAS • $BITRISEIO_ANDROID_KEYSTORE_PASSWORD

• $BITRISEIO_ANDROID_KEYSTORE_PRIVATE_KEY_PASSWORD • $BITRISEIO_ANDROID_KEYSTORE_URL

7. Add the Android Sign Step to your Workflow after the Step that builds your APK or AAB file.

Bitrise uses the above Environment Variables and sets them as inputs into the respective fields of the Android Sign Step. Once the Step runs, it produces either a signed APK or an AAB. The signed APK or AAB is used in deploy Steps, for example, the Google Play Deploy Step or the Deploy to Bitrise.io Step. The latter deploys the APK/AAB on the APPS & ARTIFACTS tab. You can also use Ship to deploy your app once you built an APK/AAB file.

- file-downloader:
- source: $BITRISEIO_ANDROID_KEYSTORE_URL - destination: "$HOME/keystores/my_keystore.jks" #native android#
After this Step, my_keystore.jks will be available at \$HOME/keystores/my_keystore.jks.