HIGH SEVERITY KEYS AND TOKENS

How to Prevent Sentry DSN Leakage

A leaked Sentry DSN sounds harmless because the client DSN is meant to ship in browser bundles. The danger lives one tier up: server-side auth tokens, organization-scoped DSNs, and source map upload credentials are routinely confused with the public DSN and end up in the same Git history.

The Problem

A leaked Sentry DSN sounds harmless because the client DSN is meant to ship in browser bundles. The danger lives one tier up: server-side auth tokens, organization-scoped DSNs, and source map upload credentials are routinely confused with the public DSN and end up in the same Git history.

Impact

A leaked user or organization auth token lets attackers read every event Sentry has ingested for that project — including the request bodies, headers, user emails, and stack frames captured around exceptions. A leaked write-only public DSN can be used to forge events, exhaust your quota, or poison release health metrics.

Affected Tools

SentrySentry.io@sentry/browser@sentry/nodesentry-cli

First: which Sentry credential did you actually leak?

The single most important fact about this incident is one most write-ups skip. The string people call a "Sentry DSN" in postmortems is almost never the public DSN. Sentry projects expose at least four credentials that look superficially similar, often live in the same config file, and carry wildly different blast radii. Picking the right rotation depends entirely on which one of these you actually committed.

Public DSN
Safe
https://

Attacker capabilities

  • > Submit synthetic events to one project
  • > Burn through your monthly event allotment
  • > Bury real errors under thousands of fakes
  • > Cannot read, modify, or delete anything
Legacy DSN w/ secret
Deprecated
https://...:secret@

Attacker capabilities

  • > Same write surface as the public DSN
  • > Plus a deprecated shared secret in the URL
  • > Often grandfathered into older clients
  • > Treat as compromised client key
User Auth Token
Sensitive
sntryu_

Attacker capabilities

  • > Read events with full PII via Sentry API
  • > Upload source maps to any release
  • > Delete issues, modify alerts
  • > Inherits the issuing user's permissions
Org / Integration Token
Critical
sntrys_

Attacker capabilities

  • > Read project events across the org
  • > Upload poisoned source maps to shipped releases
  • > Rewire alerts, integrations, webhooks
  • > Pull release info — broader blast radius than user tokens

If you grep your repo for "sentry" and find only the first format, you have a billing and noise incident, not a confidentiality one. If you find sntryu_ or sntrys_, or a DSN with two segments before @, you have a real exposure. The rest of this page assumes the worse case and tells you how to scope the damage.

What attackers actually do with each credential

With only the public DSN

The realistic attacks are quota exhaustion and noise. A scanner finds your DSN in main.js and starts POSTing synthetic exceptions to /api/<projectId>/store/. Two outcomes follow: either you burn through your monthly event allotment and start paying overage rates, or real production errors get buried under thousands of fake ones and your on-call team stops trusting Sentry. Both happen. The mitigation is a two-click change in project settings — Allowed Domains plus Inbound Filters — and neither is on by default.

With a user auth token (sntryu_)

This is the credential whose leak teams underestimate the most. The attack is straightforward exfiltration of everything Sentry has stored for you. One curl request lists every project in your org. A second fetches recent events with ?full=true, and the event payloads contain the parts of an HTTP request your code captured around the exception — request bodies, query strings, headers, cookies, and whatever you passed to Sentry.setUser. Most teams pass raw customer emails. Some accidentally pass authorization headers. A read-events token gives an attacker your last 30 to 90 days of those payloads in a single bash loop.

With an org or internal-integration token (sntrys_)

The same event-exfiltration attack works, but the more interesting threat is poisoned source maps. Sentry resolves obfuscated stack frames against the source maps you uploaded for a given release identifier. An attacker with a write-capable org token can run sentry-cli releases files upload-sourcemaps against a release you already shipped, and from that moment every error your engineers click on points at lines of code that do not exist in your repo. It is a great way to hide a real attack — your team chases ghost stack frames while the actual exploit goes uninvestigated.

exploit.sh 
# Three lines of bash is all it takes once a user auth token is exposed:

# 1. List every project the issuing user can see
curl -H "Authorization: Bearer sntryu_LEAKED_TOKEN" \
  https://sentry.io/api/0/organizations/your-org/projects/

# 2. Pull recent events with full request payloads (often contain PII)
curl -H "Authorization: Bearer sntryu_LEAKED_TOKEN" \
  "https://sentry.io/api/0/projects/your-org/your-project/events/?full=true"

# 3. Upload a malicious source map to a shipped release
SENTRY_AUTH_TOKEN=sntryu_LEAKED_TOKEN sentry-cli releases files \
  "1.42.0" upload-sourcemaps ./poisoned-dist

The first hour: pick the right rotation

Doing the wrong rotation wastes the most valuable minutes of the incident. Match the rotation to the credential type — these are not interchangeable.

If you leaked the public DSN

  1. Open Settings → Projects → <project> → Client Keys (DSN), generate a new key, and disable the old one. Update your client bundles and redeploy.
  2. Check Stats → Usage for an event spike inside the exposure window. If you see one, enable Allowed Domains on the new key and add an Inbound Filter for the impostor user-agent, release tag, or IP range.
  3. Set a per-key rate limit so a future scrape of the new key cannot replay the same attack at full speed.

If you leaked a user auth token

  1. Revoke the token at Account → User Auth Tokens. The token is dead the moment you click revoke — that is the highest-value step in this incident, do it before anything else.
  2. Open Settings → Audit Log and filter for the token's last 4 characters (Sentry records them on every API call the token made). This tells you precisely what was read, modified, or deleted during the exposure window. Export the rows — you need them.
  3. Pull the project's event volume for the same window. If the attacker hit /events/?full=true, treat it as a PII incident and notify users whose data was in the captured events.
  4. Re-issue a replacement token, store it only in your secrets manager, and hand it to whoever needs it via an encrypted single-view channel — not Slack, not email, not a pinned ticket.

If you leaked an org or internal-integration token

  1. Revoke it at Settings → Auth Tokens (org level) and audit the same way.
  2. List every release that received a source-map upload during the window: sentry-cli releases files <release> list. Delete artifacts you did not ship. Re-upload your real source maps so future events resolve to the right frames.
  3. If the token had broader scopes (e.g. project:write or org:write), audit alerts, integrations, and webhook URLs for anything the attacker could have rewired to collect data outbound.

In all three cases, do not waste time force-pushing the secret out of Git first. The credential's value to an attacker drops to zero the instant you click Revoke; rewriting history is hygiene, not mitigation. GitHub Archive, fork mirrors, and automated scrapers already have copies seconds after the push.

Preventing the next leak

Three patterns cover almost every recurring Sentry credential leak. None of them are unique to Sentry — they are unique-feeling because Sentry's docs blur the line between the safe public DSN and the dangerous auth tokens, and developers copy-paste both into the same config file.

  • Auth tokens live only in environment variables. sentry-cli reads SENTRY_AUTH_TOKEN from the process environment. There is no operational reason to write the token into a config file, a Makefile, or a shell script that gets committed. Put it in your CI provider's secrets, a vault, or your runtime's env, and reference the name everywhere else.
  • Pre-commit scanning targets the literal prefixes. sntryu_ and sntrys_ are unique enough that a gitleaks rule has no false positives. The same goes for the legacy DSN format with a :-separated secret. Catch them before the push leaves the laptop, then catch them again on the PR diff in CI.
  • Public DSN hardening lives in Sentry, not your code. Enable Allowed Domains on every project key, set a per-key rate limit, and use a separate DSN per environment. The point is that even if a scanner picks up your public DSN, it cannot do meaningful damage from an origin that is not in your allowlist.

Gitleaks rules that catch the dangerous credentials

.gitleaks.toml 
# .gitleaks.toml — rules people actually leak, not the public DSN
[[rules]]
id = "sentry-user-auth-token"
description = "Sentry user auth token"
regex = '''sntryu_[A-Za-z0-9]{32,}'''

[[rules]]
id = "sentry-org-auth-token"
description = "Sentry organization or internal-integration token"
regex = '''sntrys_[A-Za-z0-9]{32,}'''

[[rules]]
id = "sentry-legacy-dsn-with-secret"
description = "Old-format Sentry DSN that still embeds a secret"
regex = '''https?://[a-f0-9]{32,}:[a-f0-9]{16,}@[^/]+\.ingest\.sentry\.io/[0-9]+'''

Safe vs unsafe usage in code

Right — only the public DSN reaches the browser, with PII stripped before send:

sentry.client.ts — safe 
// src/lib/sentry.client.ts
import * as Sentry from '@sentry/browser';

Sentry.init({
  dsn: import.meta.env.PUBLIC_SENTRY_DSN, // public by design
  release: import.meta.env.PUBLIC_SENTRY_RELEASE,
  // Strip the request body before it leaves the device — most PII lives there
  beforeSend(event) {
    if (event.request) {
      delete event.request.data;
      delete event.request.cookies;
    }
    return event;
  }
});

Wrong — the auth token gets compiled into the bundle and is now public:

sentry.config.ts — unsafe 
// DO NOT do this — anyone who downloads main.js owns your error history
export const sentry = {
  dsn: 'https://abc123@o1.ingest.sentry.io/42',
  authToken: 'sntryu_PLEASE_NEVER_DO_THIS' // belongs in CI env only
};

The pattern that catches teams off-guard: a developer copies the sentry-cli source-map upload snippet from the docs into a build script, the build script gets committed, and the auth token rides along. A pre-commit scan would have caught the sntryu_ prefix before it ever left the laptop.

One footnote on sharing the rotated token

After you revoke and re-issue, the new auth token has to reach a coworker — usually the on-call engineer running the source-map upload from a different machine. Slack DMs, email, ticket comments, and shared notes are all the wrong place for that string: they index, they get screenshotted, and they survive in DM history long after the rotation closes.

CloakBin is built for this one job. The token goes into a single-view encrypted paste; the decryption key lives in the URL fragment, so our server never sees the plaintext (we cannot read it, leak it, or be subpoenaed for it); the recipient opens the link once and it self-destructs. It does not replace your secrets manager — it just covers the awkward minute between rotating the token and getting it into the manager on the other person's machine.

Real-World Incidents

2024-06-15

Sentry projects hit ingestion quota limits after public DSNs were scraped from compiled JS bundles and replayed with synthetic error payloads, costing teams real money on event overages.

Read more ↗
2023-11-02

Researchers demonstrated that user auth tokens committed alongside `sentry-cli releases` scripts allow listing of every project, downloading recent issues with full PII, and uploading malicious source maps — a far wider impact than a public DSN.

Read more ↗

The Solution

Treat the public DSN as a write-only stream protected by rate limits and allowed-domains. Treat auth tokens, internal integration tokens, and source map upload credentials as fully sensitive secrets — env-var only, never client-side, never in Git. Rotate immediately on exposure and audit event ingest for the affected window.

Best Practices

  • Use Encrypted Storage: Never store credentials in plain text. Use zero-knowledge encryption like CloakBin.
  • Rotate Keys Regularly: Change API keys and passwords frequently, especially after incidents.
  • Limit Access: Use environment variables and secrets managers. Never hardcode credentials.
  • Monitor for Leaks: Use GitHub secret scanning and other monitoring tools.

How CloakBin Protects You

Zero-Knowledge Encryption

Your encryption keys never touch our servers. We literally can't see your data.

Self-Destruct Messages

Burn-after-read ensures sensitive data is automatically deleted after viewing.

No Account Required

Anonymous by default. No email, no tracking, no data collection.

Client-Side Only

All encryption happens in your browser. Your plaintext never leaves your device.

Frequently Asked Questions

How common is Sentry DSN Leakage?

Based on search volume and reported incidents, this is a moderate concern in the security community. It's one of the top high severity issues in 2026.

Can CloakBin prevent this completely?

CloakBin provides zero-knowledge encryption for secure sharing, which is one layer of defense. Complete protection requires a multi-layered approach including proper key management, access controls, and regular security audits.

What should I do if I've been affected?

Immediately rotate all affected credentials, audit your systems for unauthorized access, and implement encrypted storage for future credentials. Consider using a secrets manager and zero-knowledge tools like CloakBin.

Protect Your Sensitive Data Today

Use CloakBin's zero-knowledge encryption to share API keys, passwords, and sensitive data securely. No account required, no tracking, completely free.

Try CloakBin Now