Menu
While my DSN is in a .env file and hidden from the repo browsers, I find it disturbing that my auth token is in the sentry.properties file for all to see.
I'm having trouble understanding what this means and how much of a security risk is it to let people outside my organization read this file?
(I have outsourced developers doing odd jobs for me on the repo)
679
We recommend treating a sentry.properties like an .env file.
It is basically the same, so you should add it to your e.g. .gitignore.
The reason why it's called sentry.properties is because of android gradle, we needed it to be read natively.
185
Alternatively to the sentry.properties file, the cli can be configured using environment variables as the docs says:
| Property name | Environment variable |
|---|---|
defaults.url |
SENTRY_URL |
defaults.org |
SENTRY_ORG |
defaults.project |
SENTRY_PROJECT |
auth.token |
SENTRY_AUTH_TOKEN |
The environment variables will take precedence over values set in the properties file
In this way you can set the static fields in sentry.properties like url, org, project and pass as Env only the SENTRY_AUTH_TOKEN in CI mode
45
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
