Skip to content
Capgo

Encryption

This documentation explains how to migrate to the encryption v2 system. Learn more about the encryption v2 system in the blog post.

1. Create Key Pair

Section titled “1. Create Key Pair”
Terminal window
npx @capgo/cli key create

Store the private key securely. Never commit it to source control or share it with untrusted parties.

This command:

  • Creates a new key pair in your app
  • Removes the old key from your Capacitor config
  • Keeps old key files for backward compatibility

2. Update Capacitor Config

Section titled “2. Update Capacitor Config”

When prompted “Do you want to setup encryption with the new channel in order to support old apps and facilitate the migration?”, select yes. This adds a new defaultChannel option to your Capacitor config.

capacitor.config.ts
import { CapacitorConfig } from '@capacitor/cli';


const config: CapacitorConfig = {
  appId: 'com.example.app',
  appName: 'Example App',
  plugins: {
    CapacitorUpdater: {
      // ... other options
      defaultChannel: 'encryption_v2' // New apps will use this channel
    }
  }
};


export default config;

3. Upload Bundle to New Channel

Section titled “3. Upload Bundle to New Channel”
Terminal window
npx @capgo/cli bundle upload --channel encryption_v2

4. Enable Self-Assignment

Section titled “4. Enable Self-Assignment”
Terminal window
npx @capgo/cli channel set encryption_v2 --self-assign

5. Upload to Old Channel

Section titled “5. Upload to Old Channel”
Terminal window
npx @capgo/cli bundle upload --channel production

6. Cleanup (After 3-4 Months)

Section titled “6. Cleanup (After 3-4 Months)”

Once all users have updated their apps:

  1. Remove defaultChannel from your Capacitor config
  2. Delete the old channel:
Terminal window
npx @capgo/cli channel delete encryption_v2