diff --git a/.github/workflows/push-event.yml b/.github/workflows/push-event.yml
index df07f95c1..2632347d6 100644
--- a/.github/workflows/push-event.yml
+++ b/.github/workflows/push-event.yml
@@ -19,13 +19,34 @@ jobs:
     - name: Download repository
       uses: actions/checkout@v3
 
+    - uses: actions/cache@v3
+      with:
+        path: |
+          ~/.gradle/caches
+          ~/.gradle/wrapper
+        key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*') }}
+        restore-keys: |
+          ${{ runner.os }}-gradle-
+
     - name: Setup Java
       uses: actions/setup-java@v3
       with:
         distribution: 'adopt'
         java-version: '17'
 
+    - name: Prepare Build Keys
+      if: ${{ github.event_name != 'pull_request' && github.repository == 'fossasia/pslab-android' }}
+      env:
+        ENCRYPTED_F10B5E0E5262_IV: ${{ secrets.ENCRYPTED_F10B5E0E5262_IV }}
+        ENCRYPTED_F10B5E0E5262_KEY: ${{ secrets.ENCRYPTED_F10B5E0E5262_KEY }}
+      run: |
+        bash scripts/prep-key.sh
+
     - name: Build with Gradle
+      env:
+        STORE_PASS: ${{ secrets.STORE_PASS }}
+        ALIAS: ${{ secrets.ALIAS }}
+        KEY_PASS: ${{ secrets.KEY_PASS }}
       run: |
         bash ./gradlew build --stacktrace
         bash ./gradlew bundle --stacktrace
diff --git a/app/build.gradle.kts b/app/build.gradle.kts
index 86471925d..e263dc09c 100644
--- a/app/build.gradle.kts
+++ b/app/build.gradle.kts
@@ -4,7 +4,8 @@ plugins {
 
 apply(plugin = "realm-android")
 
-val keystoreExists = System.getenv("KEYSTORE_FILE") != null
+val KEYSTORE_FILE = rootProject.file("scripts/key.jks")
+val GITHUB_BUILD = System.getenv("GITHUB_ACTIONS") == "true" && KEYSTORE_FILE.exists()
 
 android {
     namespace = "io.pslab"
@@ -19,9 +20,9 @@ android {
     }
 
     signingConfigs {
-        if (keystoreExists) {
+        if (GITHUB_BUILD) {
             register("release") {
-                storeFile = file(System.getenv("KEYSTORE_FILE"))
+                storeFile = KEYSTORE_FILE
                 storePassword = System.getenv("STORE_PASS")
                 keyAlias = System.getenv("ALIAS")
                 keyPassword = System.getenv("KEY_PASS")
@@ -41,7 +42,7 @@ android {
                 "proguard-rules.pro"
             )
             resValue("string", "version", "${defaultConfig.versionName}")
-            signingConfig = if (keystoreExists) signingConfigs.getByName("release") else null
+            signingConfig = if (GITHUB_BUILD) signingConfigs.getByName("release") else null
         }
     }
     lint {
diff --git a/scripts/.gitignore b/scripts/.gitignore
new file mode 100644
index 000000000..916e12e4d
--- /dev/null
+++ b/scripts/.gitignore
@@ -0,0 +1,3 @@
+*.jks
+fastlane.json
+secrets.tar
\ No newline at end of file
diff --git a/scripts/prep-key.sh b/scripts/prep-key.sh
new file mode 100755
index 000000000..9a728e193
--- /dev/null
+++ b/scripts/prep-key.sh
@@ -0,0 +1,5 @@
+#!/bin/sh
+set -e
+
+openssl aes-256-cbc -K $ENCRYPTED_F10B5E0E5262_KEY -iv $ENCRYPTED_F10B5E0E5262_IV -in ./scripts/secrets.tar.enc -out ./scripts/secrets.tar -d
+tar xvf ./scripts/secrets.tar -C scripts/
\ No newline at end of file
diff --git a/scripts/secrets.tar.enc b/scripts/secrets.tar.enc
new file mode 100644
index 000000000..bd851b932
Binary files /dev/null and b/scripts/secrets.tar.enc differ