Any more comprehensive examples of usage?

[bdruth]

Sorry if I'm just dense, but I'm not understanding how to use this to manage the private bits in my Android project. I have a keystore I've used to sign the app bundle and I have an API key .json that I use to push the bundle up to the Play Store API - this is all working well. However, I need to share these protected resources and I was looking to take a similar approach to what fastlane match does on the iOS side with this plugin. Can I use the same GitHub repo as we're using for match? Can I use the same OpenSSL key as we're using for match? I assume I need to create a .zip of the existing .keystore and .json files, which cryptex will then save to the GitHub repo, but I'm a bit lost as to what I need to do where and how to incorporate it in the Fastfile lanes. I'm quite new to fastlane overall. Has anyone written a more granular how-to?

Sorry for the n00b post, I'm just a bit lost :(

[airtonix]

Yep same... we operate in a monorepo too so there's that.

Currently my process is this:

• Create new files for the new app
• Create some additional tooling shortcuts (because monorepo)
• get the initial app store entry created on the various app stores: fastlane produce ...
• generate the certs for the app fastlane match init
• generate a set of profiles fastlane match development etc

At this point i have a git repo with encrypted certs and profiles for the new app (this repo may already have other certs and profiles)

What I'd like to know is where cryptex fits in here?

[airtonix]

Ok so i've since started uncovering more details:

our directory structure looks like:

package.json
.yarnrc
yarn.lock
README.md
apps/
  OneOfOurApps/
    ios/
    android/
    keys/
    dist/
    fastlane/
      AppFile
      FastFile
      MatchFIle
    packages.json
designsystem/
  demo/
    ios/
    android/
    keys/
    dist/
    fastlane/
      AppFile
      FastFile
      MatchFIle
    package.json
  packages/
    avatar/
     package.json
    ...

our root package.json > scripts has :

...
"ds:fastlane": "yarn workspace @us/designsystemdemo fastlane"
...

get the initial app store entry created on the various app stores

You need to manually do this. because: google.

generate the certs etc for the app

you have two options here:

1. use an existing keystore you get from the google developers dashboard

  # designsystem/demo/fastlane/Fastfile

platform :android do
  desc "Encrypt and store the android codesigning keystore"
  lane :keystore_update do

    key_name = CredentialsManager::AppfileConfig.try_fetch_value(:package_name)

    cryptex(
      git_url: "github.com:you/codesigning.git",
      type: "import",
      in: "keys/upload.keystore",
      key: "#{key_name}.keystore"
    )
  end
end

our designsystem/demo/package.json > scripts has this:

{
 "name": "@us/designsystemdemo",
  ...
  "scripts": {
    "fastlane": "bundle exec fastlane"
  }
...

so when we run from our repo root:

$ yarn ds:fastlane android keystore_update

Several things happen:

• the git repo is pulled down
• the keystore is updated
• the keystore is encrypted
• the keystore is commited
• the repo is pushed back up

2. generate new ones with cryptex

  # designsystem/demo/fastlane/Fastfile

platform :android do
  desc "Encrypt and store the android codesigning keystore"
  lane :keystore_generate do
    key_name = CredentialsManager::AppfileConfig.try_fetch_value(:package_name)

    cryptex_generate_keystore(
      destination: "keys/upload.keystore",
      alias: "#{key_name}.keystore"
    )

    cryptex(
      git_url: "github.com:you/codesigning.git",
      type: "import",
      in: "keys/upload.keystore",
      key: "#{key_name}.keystore"
   )
  end
end

so when we run from our repo root:

$ yarn ds:fastlane android keystore_generate

Several things happen:

• a keystore is generated
• the git repo is pulled down
• the keystore is encrypted
• the keystore is commited
• the repo is pushed back up

So @bdruth I'd imagine if you want to also include your api key too, i think (correct me if I'm wrong), but we just need to remember that cryptex_generate_keystore is the only "keystore" orientated command, where as cryptex is a generic command for adding/extracting files from our codesigning repo.

So you could do something like:

  # designsystem/demo/fastlane/Fastfile

platform :android do
  desc "Encrypt and store the android codesigning keystore"
  lane :keystore_update do

    key_name = CredentialsManager::AppfileConfig.try_fetch_value(:package_name)

    cryptex(
      git_url: "github.com:you/codesigning.git",
      type: "import",
      in: "keys/upload.keystore",
      key: "#{key_name}.keystore"
    )

    cryptex(
      git_url: "github.com:you/codesigning.git",
      type: "import",
      in: "keys/api.json",
      key: "#{key_name}.api
    )
  end
end