Read sentry token from environment variable (SENTRY_AUTH_TOKEN) #3795

Open
LonelyCpp opened this issue May 1, 2024 · 5 comments

@LonelyCpp

LonelyCpp commented May 1, 2024

Current behaviour

The Android script only reads the auth token from sentry.properties.
However, this file is usually checked into git, making the auth key vulnerable.

"--auth-token", sentryProps.get("auth.token")

Error logs :

Execution failed for task ':app:createBundleInternalReleaseJsAndAssets_SentryUpload_com.xxx.android@6.31.0-internal+1157_1157'.
> Illegal null value provided in this collection: [--log-level, debug, --url, https://sentry-dev.xxx.com/, --auth-token, null, react-native, gradle, --bundle, /Users/vagrant/git/android/app/build/generated/assets/createBundleInternalReleaseJsAndAssets/index.android.bundle, --sourcemap, /Users/vagrant/git/android/app/build/generated/sourcemaps/react/internalRelease/index.android.bundle.map, --org, xxx, --project, xxx, --release, com.xxx.android@6.31.0-internal+1157, --dist, 1157]

Expected

Android and iOS source upload scripts must respect the SENTRY_AUTH_TOKEN if present

This enables us to keep the auth token as a secret in our CI environments.


note: it looks like iOS does read from the environment variable, but I couldn't confirm it in source code. It would be helpful if the maintainers could point out where this happens

related issue : #1888 (But does not work)

@krystofwoldrich
Member

Hi @LonelyCpp,
thank you for the message,
the SENTRY_AUTH_TOKEN is not read in combination with the flavorAware which you are using.

In all other cases the SENTRY_AUTH_TOKEN env is read in the sentry-cli directly.
https://github.com/getsentry/sentry-cli/blob/2be24a428e5b8c1102e96919b512d431ba475a08/src/config.rs#L672

It also looks like a bug to me.

@krystofwoldrich
Member

krystofwoldrich commented May 3, 2024

Internal Note: (mention in release) This could be potentially breaking for users expecting the token from the sentry.properties to be used.

@LonelyCpp
Author

perhaps the gradle script should allow null values to be sent for the key field.

This would make the cli read from env and would not affect users who have the token in sentry.properties - backward compatible!

@krystofwoldrich
Member

@LonelyCpp Thank you, yes, we should think about the sentry.properties the same as a flag of the sentry-cli: when the value is missing, we try to read it from the env.
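
The behaviour discussed in the comments above, sketched as an added example (not code from the project's gradle script or from any participant in this thread): the `--auth-token` flag is left out when sentry.properties has no `auth.token`, so the argument list never contains null and sentry-cli can fall back to SENTRY_AUTH_TOKEN. The function names `buildUploadArgs` and `redactForLog`, the `defaults.*` property keys and the sample values are assumptions made for illustration; the token masking for log output goes beyond what the thread proposes.

```groovy
// Added example; function names are hypothetical, not the project's own code.
// Build the sentry-cli argument list without ever inserting a null element.
List<String> buildUploadArgs(Properties sentryProps, String bundle, String sourcemap) {
    List<String> cliArgs = []
    // Append "flag value" only when the property is present and non-blank.
    def addIfSet = { String flag, String key ->
        String value = sentryProps.getProperty(key)?.trim()
        if (value) { cliArgs << flag << value }
    }
    addIfSet('--url', 'defaults.url')            // key name is an assumption
    // No auth.token in the file: omit the flag so that sentry-cli itself
    // falls back to the SENTRY_AUTH_TOKEN environment variable.
    addIfSet('--auth-token', 'auth.token')
    cliArgs.addAll(['react-native', 'gradle', '--bundle', bundle, '--sourcemap', sourcemap])
    addIfSet('--org', 'defaults.org')            // key name is an assumption
    addIfSet('--project', 'defaults.project')    // key name is an assumption
    return cliArgs
}

// Copy of the list that is safe to log: the element after --auth-token is masked.
List<String> redactForLog(List<String> cliArgs) {
    List<String> out = new ArrayList<>(cliArgs)
    int i = out.indexOf('--auth-token')
    if (i >= 0 && i + 1 < out.size()) { out[i + 1] = '***' }
    return out
}

// Constructed sample input: a sentry.properties without auth.token (secret kept in CI).
def props = new Properties()
props.load(new StringReader('defaults.url=https://sentry.example.invalid/\ndefaults.org=xxx\ndefaults.project=xxx\n'))
def cliArgs = buildUploadArgs(props, 'index.android.bundle', 'index.android.bundle.map')
assert !cliArgs.contains(null)
assert !cliArgs.contains('--auth-token')

// Constructed token in the file: the flag is passed as before, but masked when logged.
props.setProperty('auth.token', 'constructed-token')
def withToken = buildUploadArgs(props, 'index.android.bundle', 'index.android.bundle.map')
assert withToken.contains('--auth-token')
println redactForLog(withToken).join(' ')
```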

@psbdgr8

psbdgr8 commented May 8, 2024

any update on this?
