According to the ReactNative site generating signing certificates should be relatively easy:

keytool -genkey -v -keystore my-release-key.keystore -alias my-key-alias -keyalg RSA -keysize 2048 -validity 10000

IIRC days are set at an absolute minimum there, being at about 27 years in the future. The key size here is a bit small however still decent for contemporary cryptography. Generating the a key or two is the same process as any certificate. Keytool looks to generate a self signed certificate and you are ready to go. Next up is figuring out how to get the information back out. Looks like this website has a decent reference on keytool.

keytool -list -v -keystore my-release-key.keystore

The output is a bit ugly compared to OpenSSL, even with beauty being subjective. I may also have Stockholm syndrome on with OpenSSL though….

Onto control and storage of the keystore. Which I will not tell you about. Not here anyway. Let us just say the artifact will be be kept secret and safe. Keystore retrieval is pretty simple.

Next up on the docket is figuring out how to wire it into the signing configuration. The result of my attempts look something like the following. Definitely not the most elegant code, but it works.

    signingConfigs {
        envConfig {
            if( System.env.SIGNING_KEYSTORE) {
                storeFile file(System.env.SIGNING_KEYSTORE)
            if( project.hasProperty("SIGNING_STORE_SECRET")){ storePassword project.SIGNING_STORE_SECRET }
            if( project.hasProperty("SIGNING_KEY_ALIAS")){ keyAlias project.SIGNING_KEY_ALIAS }
            if( project.hasProperty("SIGNING_KEY_SECRET")){ keyPassword project.SIGNING_KEY_SECRET }

There is a catch to this though. The result is this segment needs to be added to all configurations to be signed.

if( System.env.SIGNING_KEYSTORE) { signingConfig signingConfigs.envConfig }