I had a Firebase project using an Android debug SHA-1 located at ~/.android/debug.keystore for authentication. I deleted the project, and realized after when trying to create an OAuth 2.0 credential in Google Cloud that I cannot use the same package name and SHA-1 key since it's being used by Firebase, even though it's pending deletion.
Can I generate a new one, if so, what are the consequences if any? My understanding is that the keystore file is unique to my app, so generating a new one would force me to create a totally new app listing.
What even is the difference between the keystore generated for your app using keytool (where you setup alias, and keystore password for your app), vs the debug keystore file in ~/.android/debug.keystore?
You can certainly generate a new keystore file for your app using the keytool command. The debug keystore file (debug.keystore) located at ~/.android/debug.keystore is automatically created when you build your Android app in debug mode for the first time. It is used during development and testing.
The debug keystore is convenient during development as it requires no additional configuration, and it allows you to use the same SHA-1 key across multiple projects. However, it's not recommended for production releases because the keystore's private key is publicly known (the default password is also well-known). For production releases, you should create your own keystore using the keytool utility or another key management tool.
When you generate a new keystore for your app, there are some consequences to be aware of: Authentication: If you are using authentication services that rely on the SHA-1 key (such as Firebase Authentication), you'll need to update the SHA-1 key in your authentication configuration. For Firebase, you can add multiple SHA-1 keys to your project, so you don't necessarily need to remove the old one immediately.
API Keys and OAuth: If you are using API keys or OAuth credentials tied to your app's package name and SHA-1 key, you'll need to update them with the new values.
App Signing: If your app is published on Google Play, the app is signed with a signing key, and changing the keystore means you won't be able to update the app using the previous keystore. Make sure to keep a backup of your old keystore for releasing updates to existing apps.
To generate a new keystore, you can use the following keytool command:
This command prompts you to enter information for your keystore, including a keystore password and a key alias. The keystore password and key alias are used to identify and manage keys within the keystore.
Remember to update any relevant configurations, such as Firebase or Supabase, with the new SHA-1 key and package name.