When bundling a project, manifest.public.der and manifest.private.der are generated in the root project directory.
- What are these?
- Should they be tracked by version control?
1 Like
Those are the private and public key for the archive encryption. If no keys exist in the project root, the live update settings or the command line new let’s will be generated and used. If keys exist they will be reused.
If you need to recreate a build from the same source files your also need to use the same keys. This matters for instance when you need to recreate a build and create a patch for a consoles (unless you save your builds, which you really should make a habit of doing).
6 Likes
So we should track them?
Like I said, if you need to recreate a build for a certain snapshot of your source code and you need for the new build to match the original build exactly then yes, you need to save those files.
@Jerakin pointed out on Discord that when you asked if they should be tracked that you maybe meant using Git. You should always be careful about how to store signing keys so they don’t fall into the wrong hands. Now, these keys are not as critical as Google Play or iOS signing keys, but you should still treat them as private and valuable and make sure they are kept safe. If that is on a USB thumb drive, in a secure file vault, on a network drive shared with colleagues or in a private git repo is up to you. But make sure they are kept safe.
2 Likes