How do you handle your Android keystore?

The Android keystore is only relevant hen deploying/publishing your app, so it is sometimes “lost” along the way when changing computers, people working on the app etc. But of course this is a major problem, as you won’t be able to publish the app again.

How do you handle your Android keystore?
Do you commit it to the project Git repo?
Do you have it in another, special Git repo?
Any other best practices? (Besides not saying the passwords in a passwords.txt in the same folder…)

I encrypt it and store it in a separate private git repo, keep additional copies locally and on an external drive.


maybe zip it into archive with password and store in the cloud for example google?