-
Notifications
You must be signed in to change notification settings - Fork 35
Expand file tree
/
Copy pathsecrets.env.template
More file actions
167 lines (136 loc) · 5.54 KB
/
secrets.env.template
File metadata and controls
167 lines (136 loc) · 5.54 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
# ==============================================================================
# GitHub Secrets Environment File - TEMPLATE
# ==============================================================================
# Copy this file to: secrets/secrets.env
# Fill in your actual values, then run: ./keystore-manager.sh sync
#
# IMPORTANT:
# - secrets/secrets.env contains REAL secrets - NEVER commit it to git
# - This template CAN be committed (contains only placeholders)
# - Use <<EOF and EOF for multiline/base64 values
# ==============================================================================
# =============================================================
# KEYSTORE CREDENTIALS
# =============================================================
# ORIGINAL Keystore credentials (Debug/Development)
ORIGINAL_KEYSTORE_FILE_PASSWORD=your_original_keystore_password
ORIGINAL_KEYSTORE_ALIAS=your_keystore_alias
ORIGINAL_KEYSTORE_ALIAS_PASSWORD=your_alias_password
# UPLOAD Keystore credentials (Release/Production)
UPLOAD_KEYSTORE_FILE_PASSWORD=your_upload_keystore_password
UPLOAD_KEYSTORE_ALIAS=your_upload_keystore_alias
UPLOAD_KEYSTORE_ALIAS_PASSWORD=your_upload_alias_password
# =============================================================
# LOCAL KEYSTORE GENERATION SETTINGS (not sent to GitHub)
# =============================================================
# Local keystore filenames (stored in 'keystores' directory)
ORIGINAL_KEYSTORE_NAME=original_keystore.keystore
UPLOAD_KEYSTORE_NAME=release_keystore.keystore
# Common keystore generation settings
VALIDITY=25
KEYALG=RSA
KEYSIZE=2048
OVERWRITE=false
# Certificate information (Distinguished Name)
# IMPORTANT: Use quotes for values with spaces
COMPANY_NAME="Your Company Name"
DEPARTMENT="Mobile Development"
ORGANIZATION="Your Organization"
CITY="Your City"
STATE="Your State"
COUNTRY=US
# =============================================================
# KEYSTORE FILES (base64 encoded, added by generator script)
# =============================================================
# These are auto-populated by: ./keystore-manager.sh generate
# Base64 encoded ORIGINAL keystore file
ORIGINAL_KEYSTORE_FILE<<EOF
EOF
# Base64 encoded UPLOAD keystore file
UPLOAD_KEYSTORE_FILE<<EOF
EOF
# =============================================================
# OTHER SECRETS (API keys, credentials, etc.)
# =============================================================
# These are auto-populated by: ./keystore-manager.sh sync
# Place the actual files in secrets/ directory first.
# Base64 encoded Firebase credentials
# Source: secrets/firebaseAppDistributionServiceCredentialsFile.json
FIREBASECREDS<<EOF
EOF
# Base64 encoded Google Services config
# Source: secrets/google-services.json
GOOGLESERVICES<<EOF
EOF
# Base64 encoded Play Store service account credentials
# Source: secrets/playStorePublishServiceCredentialsFile.json
PLAYSTORECREDS<<EOF
EOF
# Base64 encoded Match SSH private key
# Source: secrets/match_ci_key
MATCH_SSH_PRIVATE_KEY<<EOF
EOF
# Base64 encoded App Store Connect API key
# Source: secrets/AuthKey.p8
APPSTORE_AUTH_KEY<<EOF
EOF
# ==============================================================================
# iOS Configuration
# ==============================================================================
# App Store Connect API Keys
# Find at: https://appstoreconnect.apple.com/access/api
APPSTORE_KEY_ID=""
APPSTORE_ISSUER_ID=""
# Fastlane Match passphrase
# Used to encrypt/decrypt certificates in the Match Git repo
MATCH_PASSWORD=""
# macOS Notarization (for Desktop app distribution)
# Apple ID and app-specific password for notarization
NOTARIZATION_APPLE_ID=""
NOTARIZATION_PASSWORD=""
NOTARIZATION_TEAM_ID=""
# ==============================================================================
# Desktop Signing (Optional)
# ==============================================================================
# These are optional for Desktop app distribution outside app stores.
# Populate when setting up code signing for Windows/macOS/Linux desktop apps.
# Windows Signing
WINDOWS_SIGNING_KEY=""
WINDOWS_SIGNING_PASSWORD=""
WINDOWS_SIGNING_CERTIFICATE=""
# macOS Signing (Desktop app, not iOS)
MACOS_SIGNING_KEY=""
MACOS_SIGNING_PASSWORD=""
MACOS_SIGNING_CERTIFICATE=""
# Linux Signing
LINUX_SIGNING_KEY=""
LINUX_SIGNING_PASSWORD=""
LINUX_SIGNING_CERTIFICATE=""
# ==============================================================================
# macOS App Store (Required for macOS TestFlight & App Store deployment)
# ==============================================================================
# Keychain and certificate passwords for CI code signing.
# Place .p12 and .provisionprofile files in secrets/ directory, then run sync.
#
# Required files:
# secrets/mac_app_distribution.p12 -> MAC_APP_DISTRIBUTION_CERTIFICATE_B64
# secrets/mac_installer_distribution.p12 -> MAC_INSTALLER_DISTRIBUTION_CERTIFICATE_B64
# secrets/mac_embedded.provisionprofile -> MAC_EMBEDDED_PROVISION_B64
# secrets/mac_runtime.provisionprofile -> MAC_RUNTIME_PROVISION_B64
#
# Password files (create in secrets/ directory):
# secrets/.keychain_password -> KEYCHAIN_PASSWORD
# secrets/.certificates_password -> CERTIFICATES_PASSWORD
# Keychain password for temporary signing keychain on CI
KEYCHAIN_PASSWORD=""
# Password used to import .p12 signing certificates
CERTIFICATES_PASSWORD=""
# Base64 encoded macOS certificates and profiles (auto-populated by sync)
MAC_APP_DISTRIBUTION_CERTIFICATE_B64<<EOF
EOF
MAC_INSTALLER_DISTRIBUTION_CERTIFICATE_B64<<EOF
EOF
MAC_EMBEDDED_PROVISION_B64<<EOF
EOF
MAC_RUNTIME_PROVISION_B64<<EOF
EOF