Skip to main content
Generates signing credentials required for building and distributing mobile applications.

Syntax

php artisan native:credentials [platform] [options]

Arguments

platform

The platform to generate credentials for. Optional.
  • android - Generate Android keystore (JKS)
  • ios - Generate iOS certificate signing request (CSR)
  • both - Generate credentials for both platforms
If not specified, you’ll be prompted to choose.

Options

—reset

Generate new keystore and PEM certificate for Google Play Console reset. 
php artisan native:credentials android --reset
Use this when you’ve lost your keystore and need to reset signing on Google Play Console.

Examples

Generate Android keystore

php artisan native:credentials android

Generate iOS CSR

php artisan native:credentials ios

Generate both

php artisan native:credentials both

Generate reset credentials

php artisan native:credentials android --reset

What it creates

Android

Creates a JKS (Java KeyStore) file for signing Android apps: Files created:
  • android.jks - Your keystore file (keep this secure!)
  • .env updated with keystore information
Prompts for:
  • Key alias name
  • Keystore password
  • Key password
  • Certificate information (name, organization, etc.)
Output location: By default: storage/credentials/android.jks The keystore is automatically added to .gitignore.

iOS

Creates a Certificate Signing Request (CSR) for requesting certificates from Apple: Files created:
  • ios.certSigningRequest - CSR file to upload to Apple Developer
  • ios.key - Private key (keep this secure!)
  • .env updated with certificate information
Prompts for:
  • Email address
  • Common name (usually your name)
  • Organization name
Output location: By default: storage/credentials/ios.certSigningRequest

Reset (Android)

When using --reset, creates:
  • New keystore
  • PEM certificate file to upload to Play Console
This is used when migrating from a lost keystore.

Android keystore details

The generated keystore:
  • Type: JKS (Java KeyStore)
  • Algorithm: RSA
  • Key size: 2048 bits
  • Validity: 10,000 days (approximately 27 years)
  • Hash algorithm: SHA256

Important notes

  • Backup your keystore: If you lose it, you cannot update your app on Play Store
  • Keep it secure: Don’t commit to version control
  • Remember passwords: Store them in a password manager
  • Use same keystore: For all builds of the same app

iOS CSR details

The generated CSR:
  • Algorithm: RSA
  • Key size: 2048 bits
  • Hash algorithm: SHA256

Next steps after CSR generation

  1. Go to Apple Developer Portal
  2. Navigate to Certificates, Identifiers & Profiles
  3. Create a new certificate (Distribution or Development)
  4. Upload the .certSigningRequest file
  5. Download the certificate (.cer file)
  6. Install in Xcode or use with native:package

Environment variable updates

Android

ANDROID_KEYSTORE_FILE=/path/to/android.jks
ANDROID_KEYSTORE_PASSWORD=your-keystore-password
ANDROID_KEY_ALIAS=your-key-alias
ANDROID_KEY_PASSWORD=your-key-password

iOS

IOS_CERTIFICATE_REQUEST_PATH=/path/to/ios.certSigningRequest
IOS_PRIVATE_KEY_PATH=/path/to/ios.key

Security best practices

  1. Never commit credentials
    • Keystore files are automatically added to .gitignore
    • Never commit .env with passwords
  2. Secure storage
    • Use encrypted storage for keystore files
    • Consider using a hardware security module (HSM) for production
  3. Password management
    • Use strong, unique passwords
    • Store in a password manager
    • Don’t share passwords via email/chat
  4. Backup strategy
    • Keep encrypted backups of keystores
    • Store in multiple secure locations
    • Document recovery procedures
  5. Access control
    • Limit who has access to signing credentials
    • Use CI/CD secrets management
    • Rotate credentials periodically

Common workflows

First-time app setup

# Generate credentials
php artisan native:credentials both

# Build signed app
php artisan native:package android

Lost keystore recovery (Android)

If you’ve lost your Android keystore: 
# Generate new credentials with reset flag
php artisan native:credentials android --reset

# This creates a new keystore AND a PEM certificate
# Upload the PEM to Play Console to migrate signing
Then:
  1. Go to Play Console
  2. Navigate to Release > Setup > App signing
  3. Follow the “Request upload key reset” process
  4. Upload the generated PEM certificate

Team onboarding

For new team members who need to build:
  1. Share keystore file securely (encrypted)
  2. Share passwords via password manager
  3. Have them add to .env: 
    ANDROID_KEYSTORE_FILE=/path/to/android.jks
ANDROID_KEYSTORE_PASSWORD=...
ANDROID_KEY_ALIAS=...
ANDROID_KEY_PASSWORD=...

Troubleshooting

”keytool: command not found”

Install Java Development Kit (JDK): 
# macOS
brew install openjdk

# Ubuntu/Debian
sudo apt install default-jdk

# Windows
# Download from https://adoptium.net/

“openssl: command not found”

OpenSSL is usually pre-installed. If not: 
# macOS
brew install openssl

# Ubuntu/Debian
sudo apt install openssl

Permission denied when creating files

Check that storage/credentials/ directory is writable: 
chmod 755 storage/credentials

See also

Build docs developers (and LLMs) love

Get started for freeTalk to us