Let's say I have an Android Project set up and a git repository for it. Where can I put my keystore (and other sensitive files) inside my project so I can be guaranteed that it will not end up inside the .apk when I export the app (but will be inside the git repository)?
For instance, I can't put sensitive files inside the assets folder because that will end up inside the .apk.
Is there a place to store these kind of files in the Android file hierarchy I am missing?
On
Don't put your keystore anywhere in your source control or project folder even if you have .gitignored it. It is a personal document, to be treated as you would your SSH keys.
It is better to keep it in an external location, such as your documents folder or personal keystore folder, which you manage yourself. As you have mentioned, these don't need to end up in the APK so they are purely supporting documents and files.
Put them in the project root. The only file from the project root that is incorporated directly into the APK is
AndroidManifest.xml, and even that is moving with the new build system and project directory structure.Or, create some other directory that does not collide with any existing directories and will not be used by Android, like
_stuff/.Or, have your project itself be in a subdirectory, putting other related files in a peer directory.
Also, make sure you set up your
.gitignoreproperly such that files only go into the Git repo that you actually want in the Git repo.