While my DSN is in a .env file and hidden from the repo browsers, I find it disturbing that my auth token is in the sentry.properties file for all to see.
I'm having trouble understanding what this means and how much of a security risk is it to let people outside my organization read this file?
(I have outsourced developers doing odd jobs for me on the repo)
We recommend treating a `sentry.properties` like an `.env` file.
It is basically the same, so you should add it to your e.g. `.gitignore`.
The reason why it's called `sentry.properties` is because of Android Gradle, we needed it to be read natively.
As an alternative to the `sentry.properties` file, the CLI can be configured using environment variables, as the docs say:
Property name | Environment variable |
---|---|
`defaults.url` | `SENTRY_URL` |
`defaults.org` | `SENTRY_ORG` |
`defaults.project` | `SENTRY_PROJECT` |
`auth.token` | `SENTRY_AUTH_TOKEN` |
The environment variables will take precedence over values set in the properties file.
In this way you can set the static fields in `sentry.properties`, like url, org and project, and pass only the `SENTRY_AUTH_TOKEN` as an environment variable in CI mode.
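
A check that follows from the answers above, as an added example that is not part of the original thread and not Sentry's own tooling: it refuses a `sentry.properties` that still carries `auth.token` and reports whether the token would come from the environment or the file. The function names are hypothetical and the sample files and values are constructed placeholders.

```shell
#!/bin/sh
# Added example (not Sentry's own tooling): keep auth.token out of a committed
# sentry.properties and confirm the token comes from SENTRY_AUTH_TOKEN instead.

# Print the auth.token value found in a properties file (nothing if absent).
# Accepts "key=value" and "key: value"; skips "#" and "!" comment lines.
sentry_token_in_file() {
    [ -f "$1" ] || return 0
    sed -n -e '/^[[:space:]]*[#!]/d' \
        -e 's/^[[:space:]]*auth\.token[[:space:]]*[=:][[:space:]]*//p' "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# Exit status 0 if the file is safe to commit, 1 if it holds a non-empty token.
check_sentry_properties() {
    if [ -n "$(sentry_token_in_file "$1")" ]; then
        echo "FAIL: $1 sets auth.token; pass it as SENTRY_AUTH_TOKEN" >&2
        return 1
    fi
    echo "OK: $1 carries no auth.token"
}

# Report where the token would come from, without printing it.
# The environment variable wins over the file, as the answer above states.
sentry_token_source() {
    if [ -n "${SENTRY_AUTH_TOKEN:-}" ]; then echo env
    elif [ -n "$(sentry_token_in_file "$1")" ]; then echo file
    else echo none
    fi
}

# Constructed sample files; the values are placeholders, not real credentials.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf 'defaults.url=https://sentry.example.invalid/\ndefaults.org=example-org\ndefaults.project=example-app\n' \
    > "$demo/good.properties"
printf 'defaults.org=example-org\n# auth.token=commented-out\nauth.token = PLACEHOLDER_TOKEN\r\n' \
    > "$demo/bad.properties"

check_sentry_properties "$demo/good.properties"
check_sentry_properties "$demo/bad.properties" || echo "commit would be blocked"
```

Calling `check_sentry_properties sentry.properties` from a pre-commit hook or an early CI step stops the file from being committed with a token in it; a token that was already pushed stays in the repository history and should be revoked and reissued.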