diff --git a/.github/workflows/Android-CI-release.yml b/.github/workflows/Android-CI-release.yml
index e3d90bc..32b8bac 100644
--- a/.github/workflows/Android-CI-release.yml
+++ b/.github/workflows/Android-CI-release.yml
@@ -6,42 +6,54 @@ on:
       - '*'
 
 jobs:
-  release:
+  build:
+    name: Publish release ${{ github.ref }}
     runs-on: ubuntu-latest
+    permissions:
+      contents: write
     steps:
       - name: Checkout
         uses: actions/checkout@v4
         with:
           fetch-depth: 0
-
       - name: Install JDK ${{ matrix.java_version }}
         uses: actions/setup-java@v4
         with:
-          distribution: 'adopt'
+          distribution: "adopt"
           java-version: 17
-
-      - name: Install Android SDK
-        uses: malinskiy/action-android/install-sdk@release/0.1.4
-
-      - name: Build project
-        run: ./gradlew assembleRelease
-        env:
-          VERSION: ${{ github.ref }}
-
-      - name: Get the version
+      - name: Find Tag
         id: tagger
         uses: jimschubert/query-tag-action@v2
         with:
           skip-unshallow: 'true'
-          abbrev: false
           commit-ish: HEAD
+      - name: Install Android SDK
+        uses: hannesa2/action-android/install-sdk@0.1.4.10
+      - name: Decrypt keystore
+        run: ./signing/decrypt.sh
+        env:
+          CRYPT_PASS: ${{ secrets.CRYPT_PASS }}
+      - name: Build project
+        run: ./gradlew clean assembleRelease
+        env:
+          TAG_VERSION: ${{steps.tagger.outputs.tag}}
+          CRYPT_PASS: ${{ secrets.CRYPT_PASS }}
+          KEYSTORE_PASS: ${{ secrets.KEYSTORE_PASS }}
+          ALIAS_NAME: ${{ secrets.ALIAS_NAME }}
+          ALIAS_PASS: ${{ secrets.ALIAS_PASS }}
+          ARCORE_KEY: ${{ secrets.ARCORE_KEY }}
+          releaseKey: ${{ secrets.releaseKey }}
+      - name: cleanup keystore
+        run: ./signing/cleanup.sh
 
       - name: Create Release
         uses: softprops/action-gh-release@v2
         with:
           tag_name: ${{steps.tagger.outputs.tag}}
-          name: ${{steps.tagger.outputs.tag}}
           generate_release_notes: true
-          files: RxAudioLib/build/outputs/aar/*-release.aar
+          prerelease: false
+          name: ${{steps.tagger.outputs.tag}}
+          files: |
+            ./app/build/outputs/apk/release/*.apk
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/pullrequest.yml b/.github/workflows/pullrequest.yml
index 82a4f4a..65acb51 100644
--- a/.github/workflows/pullrequest.yml
+++ b/.github/workflows/pullrequest.yml
@@ -23,13 +23,17 @@ jobs:
           java-version: ${{ matrix.java_version }}
       - uses: gradle/wrapper-validation-action@v2
       - name: Install Android SDK
-        uses: malinskiy/action-android/install-sdk@release/0.1.4
+        uses: hannesa2/action-android/install-sdk@0.1.4.10
+      - name: Decrypt keystore
+        run: ./signing/decrypt.sh
+        env:
+          CRYPT_PASS: ${{ secrets.CRYPT_PASS }}
       - name: Build project
         run: ./gradlew build
 #      - name: Run tests
 #        run: ./gradlew test
 #      - name: Run instrumentation tests
-#        uses: malinskiy/action-android/emulator-run-cmd@release/0.1.4
+#        uses: hannesa2/action-android/emulator-run-cmd@0.1.4.10
 #        with:
 #          cmd: ./gradlew cAT
 #          api: 21
@@ -48,3 +52,5 @@ jobs:
         with:
           name: Lint-report
           path: app/build/reports/lint-results*.html
+      - name: cleanup keystore
+        run: ./signing/cleanup.sh
diff --git a/app/build.gradle b/app/build.gradle
index 332b295..d458199 100644
--- a/app/build.gradle
+++ b/app/build.gradle
@@ -1,7 +1,14 @@
 apply plugin: 'com.android.application'
 apply plugin: 'kotlin-android'
 
+def keystorePropertiesFile = rootProject.file("signing/keystore.properties");
+def keystoreProperties = new Properties()
+if (keystorePropertiesFile.exists()) {
+    keystoreProperties.load(new FileInputStream(keystorePropertiesFile))
+}
+
 android {
+    namespace 'isomora.com.greendoctor'
     defaultConfig {
         applicationId "isomora.com.greendoctor"
         minSdkVersion 26
@@ -26,14 +33,58 @@ android {
     buildFeatures {
         viewBinding = true
     }
-    namespace 'isomora.com.greendoctor'
     androidResources {
         noCompress 'tflite'
     }
+    signingConfigs {
+        debugCI {
+            storeFile file('../signing/debug.keystore')
+            storePassword "android"
+            keyPassword "android"
+            keyAlias "androiddebugkey"
+        }
+        release {
+            storeFile file('../signing/release.keystore')
+            storePassword keystoreProperties.getProperty('storePassword')
+            keyAlias keystoreProperties.getProperty('keyAlias')
+            keyPassword keystoreProperties.getProperty('keyPassword')
+        }
+    }
+    buildTypes {
+        debug {
+            if (System.getenv("CI") == "true") { // Github action
+                println "I run on Gitlab and use for debug the RELEASE signing"
+                signingConfig signingConfigs.release
+            }
+        }
+        release {
+            signingConfig signingConfigs.release
+            if (System.getenv("CI_SERVER")) { // gitlab
+                println "I run on Gitlab and use RELEASE signing"
+                signingConfig signingConfigs.release
+            } else if (System.getenv("CI") == "true") { // Github
+                println "I run on Github and use RELEASE signing"
+                signingConfig signingConfigs.release
+            } else if (file('../signing/release-key.keystore').exists()) {
+                if (System.getenv("KEYSTORE_PASS") == null || System.getenv("ALIAS_PASS") == null) {
+                    println "I run somewhere else and I use DEBUG signing because variables are not set !"
+                    signingConfig signingConfigs.debugCI
+                } else {
+                    println "I use RELEASE signing"
+                    signingConfig signingConfigs.release
+                }
+            } else {
+                println "I run somewhere else and I use debug signing"
+                signingConfig signingConfigs.debugCI
+            }
+            minifyEnabled false
+            proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'
+        }
+    }
 }
 
 dependencies {
-    implementation"org.jetbrains.kotlin:kotlin-stdlib-jdk7:$kotlin_version"
+    implementation "org.jetbrains.kotlin:kotlin-stdlib-jdk7:$kotlin_version"
     implementation 'androidx.appcompat:appcompat:1.6.1'
     implementation 'androidx.constraintlayout:constraintlayout:2.1.4'
     implementation 'org.tensorflow:tensorflow-lite:2.15.0'
diff --git a/signing/cleanup.sh b/signing/cleanup.sh
new file mode 100755
index 0000000..77b7877
--- /dev/null
+++ b/signing/cleanup.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+
+find . -name '*.keystore' |xargs rm
+find . -name '*.properties' |xargs rm
diff --git a/signing/debug.keystore.enc b/signing/debug.keystore.enc
new file mode 100644
index 0000000..0bbe4e0
Binary files /dev/null and b/signing/debug.keystore.enc differ
diff --git a/signing/decrypt.sh b/signing/decrypt.sh
new file mode 100755
index 0000000..dd5cdab
--- /dev/null
+++ b/signing/decrypt.sh
@@ -0,0 +1,45 @@
+#!/usr/bin/env bash
+
+pwd
+
+if [[ -z "$CRYPT_PASS" ]]
+then
+   read -sp 'Password: ' CRYPT_PASS
+   if [[ -z "$CRYPT_PASS" ]]
+   then
+      echo "\$CRYPT_PASS Still empty"
+      exit 1
+   fi
+else
+   echo "\$CRYPT_PASS available"
+fi
+
+openssl version
+
+pushd signing
+
+# to encrypt
+#openssl aes-256-cbc -salt -pbkdf2 -k "$CRYPT_PASS" -in ./signing/release.keystore -out ./signing/release.keystore.enc
+#openssl aes-256-cbc -salt -pbkdf2 -k "$CRYPT_PASS" -in ~/.android/debug.keystore -out ./signing/debug.keystore.enc
+#openssl aes-256-cbc -salt -pbkdf2 -k "$CRYPT_PASS" -in ./app/google-services.json -out ./app/google-services.json.enc
+#openssl aes-256-cbc -salt -pbkdf2 -k "$CRYPT_PASS" -in ./signing/Surveilance-playstore.json -out ./signing/Surveilance-playstore.json.enc
+#openssl aes-256-cbc -salt -pbkdf2 -k "$CRYPT_PASS" -in ./signing/keystore.properties -out ./signing/keystore.properties.enc
+
+# shellcheck disable=SC2038
+find . -name "*.keystore.enc" | xargs ls -la
+
+# Ubuntu 18.04 (openssl 1.1.0g+) needs -md md5
+# https://askubuntu.com/questions/1067762/unable-to-decrypt-text-files-with-openssl-on-ubuntu-18-04/1076708
+echo release.keystore
+openssl aes-256-cbc -d -pbkdf2 -k "$CRYPT_PASS" -in release.keystore.enc -out release.keystore
+echo debug.keystore
+openssl aes-256-cbc -d -pbkdf2 -k "$CRYPT_PASS" -in debug.keystore.enc -out debug.keystore
+
+#echo google-services.json
+#openssl aes-256-cbc -d -pbkdf2 -k "$CRYPT_PASS" -in ../app/google-services.json.enc -out ../app/google-services.json
+#echo Surveilance-playstore.json
+#openssl aes-256-cbc -d -pbkdf2 -k "$CRYPT_PASS" -in Surveilance-playstore.json.enc -out Surveilance-playstore.json
+echo keystore.properties
+openssl aes-256-cbc -d -pbkdf2 -k "$CRYPT_PASS" -in keystore.properties.enc -out keystore.properties
+
+popd 1>/dev/null
\ No newline at end of file
diff --git a/signing/keystore.properties.enc b/signing/keystore.properties.enc
new file mode 100644
index 0000000..9f65629
Binary files /dev/null and b/signing/keystore.properties.enc differ
diff --git a/signing/release.keystore.enc b/signing/release.keystore.enc
new file mode 100644
index 0000000..79e23a2
Binary files /dev/null and b/signing/release.keystore.enc differ