DSN private/public

When we use the DSN inside our code base and commit the changes to git, anyone who has access to the repository can see the DSN.

So my question,

Do we need to keep the DSN private in some kind of environment variable, or can it just be pasted as a hard-coded value inside the code base?

1 Like

The DSN is not a secret; the worst thing someone could do is send events to your account.
All "analytics" services have this problem.

If that ever happens you have a few options for tackling this: you can either block off certain requests or cycle the DSN.

So having it in the repo is fine.

1 Like

What do you mean by that? You mean allowing event data from only specific domains?

I am not aware of this feature; can you share a link to the docs with me?

So, why don't you recommend that users store their DSN as a variable key or keep it somewhere private? (Just curious to ask.)

You can create just a new DSN and delete old ones. You can find this in your project settings -> Client Keys.

Recommending storing the DSN somewhere private would be conflicting messaging from our side.

Let's imagine you use @sentry/browser on your website; it's impossible to hide the DSN in JavaScript. No one stops you from using the same DSN on your server.

So you see, we can't make it secret, so we don't tell people it's a secret; it's basically an id identifying your account.

2 Likes
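As an added illustration of the answer above (example code, not from this thread and not part of any Sentry SDK): a small Python helper that splits a DSN into the fields it actually carries, so you can see that the modern form holds only a public key, a host and a project id, plus a loader that prefers a `SENTRY_DSN` environment variable over a hard-coded fallback. The DSN string and the `SENTRY_DSN` variable name used here are constructed assumptions for the example.

```python
"""Added example (not from the Sentry forum thread or Sentry's SDKs):
inspect what a DSN contains and read it from the environment instead of
hard-coding it. The sample DSN below is constructed for this example."""
from typing import Optional
from urllib.parse import urlparse

# Constructed sample DSN in the modern "public key only" form (assumption).
SAMPLE_DSN = "https://examplePublicKey@o0.ingest.sentry.io/0"


def parse_dsn(dsn: str) -> dict:
    """Split a DSN into its parts.

    Modern DSNs carry a public key, a host and a project id; the legacy form
    also carried a secret after a colon ("public:secret@host"). The result
    reports whether that legacy secret is present so it can be rotated.
    """
    parts = urlparse(dsn)
    if not parts.scheme or not parts.hostname or not parts.username:
        raise ValueError("not a DSN: expected scheme://public_key@host/project_id")
    project_id = parts.path.rsplit("/", 1)[-1]
    if not project_id.isdigit():
        raise ValueError("DSN path must end in a numeric project id")
    return {
        "scheme": parts.scheme,
        "public_key": parts.username,
        "has_secret": parts.password is not None,  # legacy DSNs only
        "host": parts.hostname,
        "project_id": project_id,
    }


def load_dsn(env: dict, fallback: Optional[str] = None) -> Optional[str]:
    """Prefer SENTRY_DSN from the given environment mapping (assumed name);
    fall back to a hard-coded value only if one is supplied. Returning None
    leaves the SDK disabled, so nothing is sent anywhere."""
    return env.get("SENTRY_DSN") or fallback


if __name__ == "__main__":
    import os
    print(parse_dsn(SAMPLE_DSN))
    print("active DSN:", load_dsn(dict(os.environ), SAMPLE_DSN))
```

Running `parse_dsn` on a legacy `public:secret@` DSN sets `has_secret` to `True`, which is the case where cycling the key (project settings -> Client Keys, as the answer above describes) matters most; keeping the DSN in the environment does not make it secret, it just keeps the value out of the commit history and lets you swap it without a code change.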

I understand that some DSNs have to be public, but I strongly believe that some effort to keep them private is warranted. I'm pushing for a change to documentation to this effect over here if anybody wants to wade in:

(That issue references this forum post as a reason not to encourage private DSNs, so I figured I'd link up the circle.)