-
Notifications
You must be signed in to change notification settings - Fork 14
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Security Concern #2
Comments
The The password for keystore and key shall not be committed as well. The official doc of react native provides another option to store them in However, I presume that if we are using the global |
If it's a private repo and only people who are authorized to deploy the app can access it, I suppose its fine to commit the key and credentials. Otherwise it should be kept on your machine. For signing credentials, I will add to the reply above that you can also use Because there are many approaches to securing your key/credentials, I think its better if we keep the instructions for the guide simple for now (add a note with a link to this issue maybe). People who are concerned about security will probably look into it and figure something out that works for them. |
Is it safe to commit your keystore file as well as the signing credentials in a repo?
The text was updated successfully, but these errors were encountered: