6

I am looking into using EAS (expo Application Services) to submit a build to the Google Play Store. As per the docs, a serviceAccountKeyPath is required:

https://docs.expo.dev/submit/eas-json/#serviceaccountkeypath

I have successfully submitted a build by running eas submit -p android and entering the path to the JSON service account key when prompted.

As this is sensitive information, I don't want it to be added to my git repo. Should I just add it to my .gitignore, or is there a better way e.g. store it within my expo account somehow?

mahi-man
  • 4,326
  • 2
  • 25
  • 36
  • 1
    Did you endup storing the application service credentials somewhere ? I was thinking to store it as a secret file in expo which will give you the path to the file as environment variable but Im not sure how to replace this during eas submit – Goca Dec 23 '22 at 05:02
  • I just added it to my .gitignore file. Not ideal, but works for now. – mahi-man Jan 03 '23 at 02:48
  • does this key work for all apps or do I need only one – louis Jan 12 '23 at 21:21
  • I wonder what people do for automated delivery with github actions – bj97301 May 12 '23 at 19:05

2 Answers2

2

You only need to provide serviceAccountKeyPath the first time you run eas submit -p android for an specific project. You have to do manually the first time. The next you run eas submit expo takes the previus provided file.

Dylan Jahir Luna García
  • 21
  • 1
  • Could google service key json file be available in the repo where is the code? What are security concerns as there are a lot of data inside the json. Can file be called as a secret in the eas.json somehow? https://cloud.google.com/iam/docs/keys-create-delete#iam-service-account-keys-create-console – Branko Mar 09 '23 at 13:03
0

You can avoid needing to set serviceAccountKeyPath, even with your first call to eas submit, by uploading your credentials in the Expo UI.

From your project dashboard in the Expo UI:

  1. Choose "Credentials" from the navigation on the left.
  2. Under the Android tab, choose your Application ID (usually set in your app.config.js file)
  3. Choose "Add a Google Service Account Key".
  4. Upload the Google Service Account Key JSON file. If you haven't created one yet, follow their instructions.

Now the Google Service Account Key will be stored in Expo and you don't need to figure out how to store it in your repository, CI system, etc.

blimmer
  • 2,038
  • 20
  • 23