Limited Time Offer!
For Less Than the Cost of a Starbucks Coffee, Access All DevOpsSchool Videos on YouTube Unlimitedly.
Master DevOps, SRE, DevSecOps Skills!
Why This is Needed
- Every Android app on Play Store is signed with a signing key.
- If your team loses the upload key (used to sign and upload updates), you cannot release new versions.
- Since your app is enrolled in Play App Signing (Google manages the actual signing key), you only need to reset the upload key.
Step 1: Generate a New Upload Key
On the development machine (Windows, macOS, or Linux):
- Open Terminal/PowerShell.
- Run this command (replace passwords with your secure values):
keytool -genkey -v -keystore converter-pro-key.jks -keyalg RSA -keysize 2048 -validity 10000 -alias upload
converter-pro-key.jks→ name of your keystore file (save securely).alias upload→ key alias (you can choose another, but note it).-validity 10000→ key valid for ~27 years.
👉 This creates a new keystore (.jks) file. Keep it safe and backed up.
Step 2: Export the Public Certificate (.pem)
From the same folder, run:
keytool -exportcert -rfc -keystore converter-pro-key.jks -alias upload -file upload_converter_certificate.pem
- Enter your keystore password when prompted.
- This generates a PEM certificate file →
upload_converter_certificate.pem.
⚠️ Important: You will send only this .pem file to Google, not the .jks.
Step 3: Request Upload Key Reset in Play Console
- Go to Google Play Console.
- Select your app.
- Navigate to:
Release → Setup → App integrity - Scroll down to Upload key certificate.
- At the bottom, click:
👉 Request upload key reset.
This opens a Google Play support form.
Step 4: Submit the Support Request
In the form:
- Select your app package (e.g.,
com.company.app). - Reason: “Lost old upload key, need to reset with a new one.”
- Attach your
upload_converter_certificate.pem. - Submit.
Google usually replies within 24–48 hours.
Step 5: Wait for Confirmation
- You’ll receive an email confirmation once your new upload key is activated.
- After that, you must sign all future APK/AAB uploads with your new keystore (
converter-pro-key.jks).
Step 6: Update Build Configuration
For Gradle (Native Android Apps)
In gradle.properties (secure storage):
KEYSTORE_FILE=C:\\path\\to\\converter-pro-key.jks
KEY_ALIAS=upload
KEYSTORE_PASSWORD=your_store_password
KEY_PASSWORD=your_key_password
In app/build.gradle:
android {
signingConfigs {
release {
storeFile file(KEYSTORE_FILE)
storePassword KEYSTORE_PASSWORD
keyAlias KEY_ALIAS
keyPassword KEY_PASSWORD
}
}
buildTypes {
release {
signingConfig signingConfigs.release
}
}
}
For Flutter Apps
- Create a file
key.propertiesin your Android folder:storePassword=your_store_password keyPassword=your_key_password keyAlias=upload storeFile=C:\\path\\to\\converter-pro-key.jks - Update
android/app/build.gradle:def keystoreProperties = new Properties() def keystorePropertiesFile = rootProject.file("key.properties") if (keystorePropertiesFile.exists()) { keystoreProperties.load(new FileInputStream(keystorePropertiesFile)) } android { signingConfigs { release { keyAlias keystoreProperties['keyAlias'] keyPassword keystoreProperties['keyPassword'] storeFile file(keystoreProperties['storeFile']) storePassword keystoreProperties['storePassword'] } } buildTypes { release { signingConfig signingConfigs.release } } }
Best Practices
- Always backup your keystore (
.jks) in multiple secure locations. - Store passwords in a password manager (not in code).
- Only share the
.pemcertificate with Google—not the.jks. - Document this process in your team wiki.
Quick Recap
- Generate new keystore (
.jks) - Export
.pemcertificate - Go to Play Console → App integrity
- Click Request upload key reset
- Upload
.pemand submit - Wait for Google confirmation
- Update Gradle/Flutter config to use new keystore