Secrets & Developer Handoff
Files to Hand Off
These files are gitignored and must be transferred securely (password manager, encrypted transfer — never plain text over email/Slack).
Android Release Signing (required)
| File | Location | Purpose |
|---|---|---|
key.properties |
lucidflow/android/key.properties |
Keystore passwords and alias |
upload-keystore.jks |
lucidflow/android/upload-keystore.jks |
The signing keystore binary |
Both files go in lucidflow/android/. The build picks them up automatically.
key.properties Format
storePassword=<password>
keyPassword=<password>
keyAlias=<alias>
storeFile=upload-keystore.jks
Files NOT to Hand Off
| File | Why |
|---|---|
lucidflow/android/local.properties |
Machine-specific SDK paths — Android Studio auto-generates this |
.env |
Not used by this project |
iOS Signing
iOS uses Apple Developer Portal account-based signing, not files in the repo. New developers need:
- Access to the Apple Developer team
- Distribution certificate and provisioning profile installed via Xcode > Signing & Capabilities
Supabase Keys
The Supabase URL and anon key are committed to the repo in lib/utils/app_config.dart. The anon key is a public key (safe to commit). Service-role keys live only on the Supabase dashboard and Edge Functions environment — they are never in the client codebase.