How to manage credential files in a build?
Completed
I know that I can use the Parameters feature to store credentials like passwords, API keys used in a build. But how can I access a file during the build? It is a common use case, for example I will need the keystore file to sign my release apk when building an Android project. I doesn't find a place in TeamCity's project/build settings to allow me uploading credential files.
Set base64-encoded file content in Parameters might be a workaround, but it is not that convenient.
Please sign in to leave a comment.
As of now, there is no functionality to securely store files on TeamCity server side, apart from SSH keys. There is a feature request on this matter which I have just updated: https://youtrack.jetbrains.com/issue/TW-50768
Speaking of possible workarounds, there are three I could think of:
1) a sufficiently protected repository which agent checks out to pull the keystore file, and an additional step to remove it after the build;
2) a custom script which would do the same (pull the file or its contents from some secure internal server and handle its removal if needed);
3) putting the contents into parameter and using File Content Replacer (https://www.jetbrains.com/help/teamcity/file-content-replacer.html).
The third approach appears to be the cleanest implementation-wise, however keeping keystore parameter up-to-date could prove difficult if it changes for some reason or if there are multiple keys.