When you have more than one person working on an app with an API key, debug builds start to be a pain. Your signing credentials are stored in a keystore file, which is unique to you. On a team, everyone will have his or her own keystore file and credentials. For new team members to work on the app, you have to ask them for their SHA1 and then go update your API key’s credentials.
Or, at least, that is one option for how to manage the API key: Manage all of the signing hashes in your project. If you want a lot of explicit control over who is doing what, that may be the right solution.
But there is another option: Create a debug keystore specifically for the project.
Start by creating a brand new debug keystore with Java’s keytool program.
Listing 34.14 Creating a new keystore (terminal)
$ keytool -genkey -v -keystore debug.keystore -alias androiddebugkey
--storepass android -keypass android -keyalg RSA -validity 14600
You will be asked a series of questions by keytool.
Answer them honestly, as if no one were watching.
(Since this is a debug key, it is OK to leave the default value on everything but the name if you like.)
$ keytool -genkey -v -keystore debug.keystore -alias androiddebugkey
--storepass android -keypass android -keyalg RSA -validity 14600
What is your first and last name?
[Unknown]: Bill Phillips
...
Once you have that debug.keystore file, move it into your app module’s folder.
Then open up your project structure, select your app module, and navigate to the Signing tab.
Click the + button to add a new signing config.
Type debug in the Name field and debug.keystore for your newly created keystore (Figure 34.4).
If you configure your API key to use this new keystore, then anyone else can use the same API key by using the same keystore. Much easier.
Note that if you do this, you need to exercise some caution about how you distribute this new debug.keystore. If you only share it in a private code repo, you should be fine. But do not publish this keystore in a public repo where anybody can get to it, because that will allow anyone to use your API key.