Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

"Sentry authToken found in app.json." console warning even when using env variables in app config #334

Closed
TowhidKashem opened this issue May 14, 2023 · 11 comments

Comments

@TowhidKashem
Copy link

Summary

I'm using env variables as recommended to store the sensitive sentry info in app.config.js:

require('dotenv').config();

module.exports = ({ config }) => {
  return {
    ...config,

   // etc....

    hooks: {
      postPublish: [
        {
          file: 'sentry-expo/upload-sourcemaps',
          config: {
            organization: process.env.SENTRY_ORG,
            project: process.env.SENTRY_PROJECT,
            authToken: process.env.SENTRY_AUTH_TOKEN
          }
        }
      ]
    }
  };
};

But I'm still getting each time I start the app using npx expo start --dev-client:

» android: sentry-expo: Sentry `authToken` found in app.json. Avoid committing this value to your repository, configure it through `SENTRY_AUTH_TOKEN` environment variable instead. See: https://docs.expo.dev/guides/using-sentry/#app-configuration
» ios: sentry-expo: Sentry `authToken` found in app.json. Avoid committing this value to your repository, configure it through `SENTRY_AUTH_TOKEN` environment variable instead. See: https://docs.expo.dev/guides/using-sentry/#app-configuration

Managed or bare workflow? If you have ios/ or android/ directories in your project, the answer is bare!

managed

What platform(s) does this occur on?

iOS

SDK Version (managed workflow only)

48

Environment

  expo-env-info 1.0.5 environment info:
    System:
      OS: macOS 11.5.1
      Shell: 5.8 - /bin/zsh
    Binaries:
      Node: 18.0.0 - ~/.nvm/versions/node/v18.0.0/bin/node
      Yarn: 1.22.19 - ~/.yarn/bin/yarn
      npm: 8.6.0 - ~/.nvm/versions/node/v18.0.0/bin/npm
      Watchman: 2023.03.27.00 - /usr/local/bin/watchman
    Managers:
      CocoaPods: 1.11.3 - /usr/local/bin/pod
    SDKs:
      iOS SDK:
        Platforms: DriverKit 21.2, iOS 15.2, macOS 12.1, tvOS 15.2, watchOS 8.3
    IDEs:
      Xcode: 13.2.1/13C100 - /usr/bin/xcodebuild
    npmPackages:
      expo: ^48.0.0 => 48.0.15
      react: 18.2.0 => 18.2.0
      react-native: 0.71.7 => 0.71.7
    Expo Workflow: managed

Reproducible demo or steps to reproduce from a blank project

  1. Install sentry-expo
  2. Use env variables in app.config.js
  3. run "npx expo start --dev-client
  4. Notice warnings in console
@dks333
Copy link

dks333 commented May 31, 2023

Same issue on

  • expo-cli 6.3.2
  • "sentry-expo": "~6.1.0"

Event though I ran expo r -c, it's still showing the warning

@jamsch
Copy link

jamsch commented May 31, 2023

It's telling you to omit the following from your app.json config, and instead just have it as an environment variable.

authToken: process.env.SENTRY_AUTH_TOKEN

This is to avoid that authToken (in your app.json) being leaked in application update manifests.

Read more here: https://docs.expo.dev/guides/using-sentry/#app-configuration

@TowhidKashem
Copy link
Author

It's telling you to omit the following from your app.json config, and instead just have it as an environment variable.

authToken: process.env.SENTRY_AUTH_TOKEN

This is to avoid that authToken (in your app.json) being leaked in application update manifests.

Read more here: https://docs.expo.dev/guides/using-sentry/#app-configuration

Doh I misread the instructions, thanks! So now the hook in my app.config.js looks like:

    hooks: {
      postPublish: [
        {
          file: 'sentry-expo/upload-sourcemaps',
          config: {
            organization: process.env.SENTRY_ORG,
            project: process.env.SENTRY_PROJECT
          }
        }
      ]
    },

and I uploaded the auth token in my Expo dashboard's secret section:

Screen Shot 2023-06-02 at 5 21 38 PM

Am I good or Is there more I need to do?

@farmstrong8
Copy link

@TowhidKashem that's what I did and it seems to be fine 👍

@TowhidKashem
Copy link
Author

I can confirm these changes are enough to get rid of the original warning and still have Sentry work with source maps, closing.

@ShaneZhengNZ
Copy link

To be honest, the warning message is very confusing. It needs to state that you don't need to setup the authToken in the app.json at all, instead, set SENTRY_AUTH_TOKEN as Expo Secret is sufficient enough.

@DavidAPears
Copy link

DavidAPears commented Aug 21, 2023

Thanks - removing authToken: process.env.SENTRY_AUTH_TOKEN from app.json and then adding the authToken to 'Project secrets' in the Expo dashboard - and then having the organization: process.env.SENTRY_ORG & project: process.env.SENTRY_PROJECT in the app.config.js (as above) was the way to go.

I lost ages on this, the warning/Docs are really really vague. Much appreciated!

@komalparulekar
Copy link

It's telling you to omit the following from your app.json config, and instead just have it as an environment variable.

authToken: process.env.SENTRY_AUTH_TOKEN

This is to avoid that authToken (in your app.json) being leaked in application update manifests.

Read more here: https://docs.expo.dev/guides/using-sentry/#app-configuration

How to generate the eas build after using .env. I tried generating one but my apis werent working after using .env

@dhcmega
Copy link

dhcmega commented Jan 18, 2024

Hi
this solve the problem for eas online building.
But if you build local, it will not work as the secret is only for eas online server building.
There should be a solution for local building IMO
Thanks

@islamashraful
Copy link

For local builds set the token manually
export SENTRY_AUTH_TOKEN=YOUR-TOKEN
then run the build command

@dhcmega
Copy link

dhcmega commented Feb 23, 2024

Hi, I build android locally and ios online. Will try to test your solution. thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

9 participants