Sign an APK without putting keystore info in your build.gradle file Add the following code to your build.gradle file. // Load keystore def keystorePropertiesFile = rootProject.file("keystore.properties") def keystoreProperties = new Properties() keystoreProperties.load(new FileInputStream(keystorePropertiesFile)) android { ... signingConfigs { release { keyAlias keystoreProperties['keyAlias'] keyPassword keystoreProperties['keyPassword'] storeFile file(keystoreProperties['storeFile']) storePassword keystoreProperties['storePassword'] } } ... } Create a file called keystore.properties in the root directory of your project: keyAlias=my_key_alias keyPassword=key_password storeFile=C:/Users/escape\ spaces\ like\ this/Path/To/My/Keystore.jks storePassword=keystore_password Add the following line to your .gitignore file. keystore.properties