diff --git a/sampleconfigs/config.py b/examples/config.py
similarity index 87%
rename from sampleconfigs/config.py
rename to examples/config.py
index 0e1919db..8eb1f266 100644
--- a/sampleconfigs/config.py
+++ b/examples/config.py
@@ -60,14 +60,18 @@ repo_keyalias = None
 
 #The keystore to use for release keys when building. This needs to be
 #somewhere safe and secure, and backed up!
-keystore = "/home/me/somewhere/my.keystore"
+#keystore = "/home/me/.local/share/fdroidserver/keystore.jks"
 
-#The password for the keystore (at least 6 characters).
-keystorepass = "password1"
+# The password for the keystore (at least 6 characters). If this password is
+# different than the keypass below, it can be OK to store the password in this
+# file for real use. But in general, sensitive passwords should not be stored
+# in text files!
+#keystorepass = "password1"
 
-#The password for keys - the same is used for each auto-generated key
-#as well as for the repository key.
-keypass = "password2"
+# The password for keys - the same is used for each auto-generated key as well
+# as for the repository key. You should not normally store this password in a
+# file since it is a sensitive password.
+#keypass = "password2"
 
 #The distinguished name used for all keys.
 keydname = "CN=Birdman, OU=Cell, O=Alcatraz, L=Alcatraz, S=California, C=US"
diff --git a/sampleconfigs/makebs.config.py b/examples/makebs.config.py
similarity index 100%
rename from sampleconfigs/makebs.config.py
rename to examples/makebs.config.py
diff --git a/fdroidserver/common.py b/fdroidserver/common.py
index 3fef945f..8222ca77 100644
--- a/fdroidserver/common.py
+++ b/fdroidserver/common.py
@@ -66,6 +66,8 @@ def read_config(opts, config_file='config.py'):
 'stats_to_carbon': False,
 'repo_maxage': 0,
 'build_server_always': False,
+ 'keystore': os.path.join(os.getenv('HOME'), '.local', 'share', 'fdroidserver', 'keystore.jks'),
 'char_limits': {
 'Summary' : 50,
 'Description' : 1500
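Review bot: The new `'keystore'` default calls `os.getenv('HOME')`, which returns None when HOME is not set (cron, some container and sudo environments), and `os.path.join(None, ...)` then raises a TypeError before any config file is even read. `os.path.expanduser('~')` covers that case by falling back to the passwd entry for the current uid: `'keystore': os.path.join(os.path.expanduser('~'), '.local', 'share', 'fdroidserver', 'keystore.jks'),`. The defaults dict and `read_config` itself continue outside the hunk, so I cannot tell whether a later check catches a missing keystore path.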
@@ -95,8 +97,26 @@ def read_config(opts, config_file='config.py'):
 if st.st_mode & stat.S_IRWXG or st.st_mode & stat.S_IRWXO:
 logging.warn("unsafe permissions on {0} (should be 0600)!".format(config_file))
 
+ for k in ["keystorepass", "keypass"]:
+ if k in config:
+ write_password_file(k)
+
 return config
 
+def write_password_file(pwtype, password=None):
+ '''
+ writes out passwords to a protected file instead of passing passwords as
+ command line argments
+ '''
+ filename = '.fdroid.' + pwtype + '.txt'
+ fd = os.open(filename, os.O_CREAT | os.O_WRONLY, 0600)
+ if password == None:
+ os.write(fd, config[pwtype])
+ else:
+ os.write(fd, password)
+ os.close(fd)
+ config[pwtype + 'file'] = filename
+
 # Given the arguments in the form of multiple appid:[vc] strings, this returns
 # a dictionary with the set of vercodes specified for each package.
 def read_pkg_args(args, allow_vercodes=False):
diff --git a/fdroidserver/init.py b/fdroidserver/init.py
index 0c33400c..666cfaef 100644
--- a/fdroidserver/init.py
+++ b/fdroidserver/init.py
@@ -56,12 +56,15 @@ def genpassword():
 def genkey(keystore, repo_keyalias, password, keydname):
 '''generate a new keystore with a new key in it for signing repos'''
 logging.info('Generating a new key in "' + keystore + '"...')
+ write_password_file("keystorepass", password)
+ write_password_file("keypass", password)
 p = FDroidPopen(['keytool', '-genkey', '-keystore', keystore, '-alias', repo_keyalias, '-keyalg', 'RSA', '-keysize', '4096', '-sigalg', 'SHA256withRSA', '-validity', '10000',
- '-storepass', password, '-keypass', password,
+ '-storepass:file', config['keystorepassfile'],
+ '-keypass:file', config['keypassfile'],
 '-dname', keydname])
 if p.returncode != 0:
 raise BuildException("Failed to generate key", p.stdout)
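Review bot: `write_password_file` opens the password file with `os.O_CREAT | os.O_WRONLY`, so the `0600` mode is applied only when the file is created; a leftover `.fdroid.keystorepass.txt` from an earlier run keeps whatever mode it already had, and because there is no `O_TRUNC` a shorter password leaves the tail of the previous one in the file, which `-storepass:file` then reads as part of the password. Opening with `fd = os.open(filename, os.O_CREAT | os.O_WRONLY | os.O_TRUNC, 0o600)` followed by `os.fchmod(fd, 0o600)` covers both cases, and `0o600` also matches the `0o0600` literal this commit's init.py hunk already uses (`0600` is Python 2-only syntax). The files are written into the current directory and nothing in this diff removes them, so the plaintext secrets now persist on disk after every run — including the ones `genkey` in init.py writes — and the callers should unlink them once keytool/jarsigner has exited. The function also depends on a module-level `config` that is not visible in the hunk, and `password == None` should be `password is None`.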
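Review bot: `genkey` reads `config['keystorepassfile']` and `config['keypassfile']` right after `write_password_file` stores those keys on the `config` that lives in common.py; that only works if init.py's `config` name is bound to that same dict object, which this hunk does not show (a `from common import config` taken before `read_config` rebinds the module variable would leave the keys missing here). A short comment above the two calls, e.g. `# write_password_file() records the file names in the shared config dict`, or having `write_password_file` return the file name so `genkey` passes it explicitly, would make the coupling visible. The keytool argument list and the rest of `genkey` continue past the hunk.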
@@ -106,7 +109,7 @@ def main():
 # 'metadata' and 'tmp' are created in fdroid
 os.mkdir('repo')
 shutil.copy(os.path.join(examplesdir, 'fdroid-icon.png'), fdroiddir)
- shutil.copyfile(os.path.join(examplesdir, 'sampleconfigs', 'config.py'), 'config.py')
+ shutil.copyfile(os.path.join(examplesdir, 'config.py'), 'config.py')
 os.chmod('config.py', 0o0600)
 else:
 logging.info('Looks like this is already an F-Droid repo, cowardly refusing to overwrite it...')
diff --git a/fdroidserver/publish.py b/fdroidserver/publish.py
index c7878d51..1c241501 100644
--- a/fdroidserver/publish.py
+++ b/fdroidserver/publish.py
@@ -122,23 +122,23 @@ def main():
 # if not generate one...
 p = FDroidPopen(['keytool', '-list', '-alias', keyalias, '-keystore', config['keystore'],
- '-storepass', config['keystorepass']])
+ '-storepass:file', config['keystorepass']])
 if p.returncode !=0:
 logging.info("Key does not exist - generating...")
 p = FDroidPopen(['keytool', '-genkey', '-keystore', config['keystore'], '-alias', keyalias, '-keyalg', 'RSA', '-keysize', '2048', '-validity', '10000',
- '-storepass', config['keystorepass'],
- '-keypass', config['keypass'],
+ '-storepass:file', config['keystorepassfile'],
+ '-keypass:file', config['keypassfile'],
 '-dname', config['keydname']])
 if p.returncode != 0:
 raise BuildException("Failed to generate key")
 # Sign the application...
 p = FDroidPopen(['jarsigner', '-keystore', config['keystore'],
- '-storepass', config['keystorepass'],
- '-keypass', config['keypass'], '-sigalg',
+ '-storepass:file', config['keystorepassfile'],
+ '-keypass:file', config['keypassfile'], '-sigalg',
 'MD5withRSA', '-digestalg', 'SHA1', apkfile, keyalias])
 if p.returncode != 0:
diff --git a/fdroidserver/update.py b/fdroidserver/update.py
index 939af587..55d4b0e2 100644
--- a/fdroidserver/update.py
+++ b/fdroidserver/update.py
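Review bot: In the `keytool -list` call the option was changed to `-storepass:file` but the argument stayed `config['keystorepass']`, so keytool is handed the password string as a file name; the lookup fails, the "Key does not exist" branch runs on every invocation, and keytool's error output most likely quotes the missing path — the password — in exactly the output this change is meant to keep it out of. It should read `'-storepass:file', config['keystorepassfile']])`, as the `-genkey` and `jarsigner` calls below already do. Separately, `config['keystorepassfile']` and `config['keypassfile']` only exist when `read_config` found `keystorepass`/`keypass` in config.py, which the example config now leaves commented out, so a missing entry surfaces here as a bare KeyError instead of a message; the same applies to both update.py hunks. `main` starts and ends outside the hunk.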
@@ -642,7 +642,7 @@ def make_index(apps, apks, repodir, archive, categories):
 p = FDroidPopen(['keytool', '-exportcert', '-alias', config['repo_keyalias'], '-keystore', config['keystore'],
- '-storepass', config['keystorepass']])
+ '-storepass:file', config['keystorepassfile']])
 if p.returncode != 0:
 logging.critical("Failed to get repo pubkey")
 sys.exit(1)
@@ -796,7 +796,8 @@ def make_index(apps, apks, repodir, archive, categories):
 # Sign the index...
 p = FDroidPopen(['jarsigner', '-keystore', config['keystore'],
- '-storepass', config['keystorepass'], '-keypass', config['keypass'],
+ '-storepass:file', config['keystorepassfile'],
+ '-keypass:file', config['keypassfile'],
 '-digestalg', 'SHA1', '-sigalg', 'MD5withRSA', os.path.join(repodir, 'index.jar') , config['repo_keyalias']])
 if p.returncode != 0:
diff --git a/setup.py b/setup.py
index 7bbec283..90962a4e 100644
--- a/setup.py
+++ b/setup.py
@@ -13,10 +13,10 @@ setup(name='FDroidServer',
 scripts=['fdroid', 'fd-commit'],
 data_files=[
 ('share/doc/fdroidserver/examples',
- [ 'config.buildserver.py',
- 'sampleconfigs/config.sample.py',
- 'sampleconfigs/makebs.config.sample.py',
- 'fdroid-icon.png']),
+ [ 'buildserver/config.buildserver.py',
+ 'examples/config.py',
+ 'examples/makebs.config.py',
+ 'fdroid-icon.png']),
 ],
 install_requires=[
 'python-magic',
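Review bot: The new data_files entry `'buildserver/config.buildserver.py'` points into a `buildserver/` directory, but no rename of `config.buildserver.py` appears anywhere in this diff, so unless that move happened in an earlier commit `setup.py` will fail at packaging time with a missing file. The old entries named `sampleconfigs/config.sample.py` and `sampleconfigs/makebs.config.sample.py` while the renames in this commit start from `sampleconfigs/config.py` and `sampleconfigs/makebs.config.py`, which suggests the list was already stale before; running the sdist/install step once would confirm all four paths resolve.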