Skip to content

Android: rotate release keystore + move signing secrets into GitHub Actions #31

Description

@ahmetabdullahgultekin

Why: Env-var scaffolding for signing secrets landed (cb6eab9), but the keystore password rotation and GH-secret paste are still pending and user-gated.

Done when: keytool store+key password rotation done on the local release.jks; ANDROID_KEYSTORE_BASE64/PASSWORD/KEY_PASSWORD set in GitHub Actions secrets; a signed release build verified from CI; no release.jks or plaintext passwords in the repo.

Note: tracks the operator-gated remediation also referenced by the security incident log; this issue captures the build-side task only (no secret value).

source: plans/CLIENT_APPS_PARITY.md:121


Migrated from plans/CLIENT_APPS_PARITY.md (git history retains the original).

Metadata

Metadata

Assignees

No one assigned

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions