[Docs issue] Need guidance on how securely to treat Sentry auth token (should it go in source control?) #1096
Labels
Platform: Docs
Regarding the documentation
Platform: React-Native
security
Pull requests that address a security vulnerability
Type: Feature Request
Projects
By default, the Sentry auth token is added to source control in multiple ways:
fastfile
in theupload_symbols_to_sentry
stepThe docs don't specify if the auth token should be treated more securely than the URL-esque key used in source code (which we put in an .ENV file although it will of course ship in the client).
It doesn't look like the CLI can do anything too destructive - only add, not delete, as far as I can see on a quick skim. So perhaps it's ok to have this auth token in source control.
But it would be I think valuable to have an explicit instruction both in the setup steps, and at this URL: https://sentry.io/settings/account/api/auth-tokens/ (That page also does not appear to give any guidance on how to treat this auth token.)
That way we'll all know what the best security practice is for these tokens.
Thanks for taking a look!
The text was updated successfully, but these errors were encountered: