search

expo / sentry-expo

MIT License
202 stars 83 forks source link

"Sentry `authToken` found in app.json." console warning even when using env variables in app config #334

Closed TowhidKashem closed 1 year ago

TowhidKashem commented 1 year ago

Summary

I'm using env variables as recommended to store the sensitive sentry info in app.config.js:

require('dotenv').config();

module.exports = ({ config }) => {
  return {
    ...config,

   // etc....

    hooks: {
      postPublish: [
        {
          file: 'sentry-expo/upload-sourcemaps',
          config: {
            organization: process.env.SENTRY_ORG,
            project: process.env.SENTRY_PROJECT,
            authToken: process.env.SENTRY_AUTH_TOKEN
          }
        }
      ]
    }
  };
};

But I'm still getting each time I start the app using npx expo start --dev-client:

» android: sentry-expo: Sentry `authToken` found in app.json. Avoid committing this value to your repository, configure it through `SENTRY_AUTH_TOKEN` environment variable instead. See: https://docs.expo.dev/guides/using-sentry/#app-configuration
» ios: sentry-expo: Sentry `authToken` found in app.json. Avoid committing this value to your repository, configure it through `SENTRY_AUTH_TOKEN` environment variable instead. See: https://docs.expo.dev/guides/using-sentry/#app-configuration

Managed or bare workflow? If you have ios/ or android/ directories in your project, the answer is bare!

managed

What platform(s) does this occur on?

iOS

SDK Version (managed workflow only)

48

Environment

  expo-env-info 1.0.5 environment info:
    System:
      OS: macOS 11.5.1
      Shell: 5.8 - /bin/zsh
    Binaries:
      Node: 18.0.0 - ~/.nvm/versions/node/v18.0.0/bin/node
      Yarn: 1.22.19 - ~/.yarn/bin/yarn
      npm: 8.6.0 - ~/.nvm/versions/node/v18.0.0/bin/npm
      Watchman: 2023.03.27.00 - /usr/local/bin/watchman
    Managers:
      CocoaPods: 1.11.3 - /usr/local/bin/pod
    SDKs:
      iOS SDK:
        Platforms: DriverKit 21.2, iOS 15.2, macOS 12.1, tvOS 15.2, watchOS 8.3
    IDEs:
      Xcode: 13.2.1/13C100 - /usr/bin/xcodebuild
    npmPackages:
      expo: ^48.0.0 => 48.0.15
      react: 18.2.0 => 18.2.0
      react-native: 0.71.7 => 0.71.7
    Expo Workflow: managed

Reproducible demo or steps to reproduce from a blank project

  1. Install sentry-expo
  2. Use env variables in app.config.js
  3. run "npx expo start --dev-client
  4. Notice warnings in console
dks333 commented 1 year ago

Same issue on

Event though I ran expo r -c, it's still showing the warning

jamsch commented 1 year ago

It's telling you to omit the following from your app.json config, and instead just have it as an environment variable.

authToken: process.env.SENTRY_AUTH_TOKEN

This is to avoid that authToken (in your app.json) being leaked in application update manifests.

Read more here: https://docs.expo.dev/guides/using-sentry/#app-configuration

TowhidKashem commented 1 year ago

It's telling you to omit the following from your app.json config, and instead just have it as an environment variable.

authToken: process.env.SENTRY_AUTH_TOKEN

This is to avoid that authToken (in your app.json) being leaked in application update manifests.

Read more here: https://docs.expo.dev/guides/using-sentry/#app-configuration

Doh I misread the instructions, thanks! So now the hook in my app.config.js looks like:

    hooks: {
      postPublish: [
        {
          file: 'sentry-expo/upload-sourcemaps',
          config: {
            organization: process.env.SENTRY_ORG,
            project: process.env.SENTRY_PROJECT
          }
        }
      ]
    },

and I uploaded the auth token in my Expo dashboard's secret section:

Screen Shot 2023-06-02 at 5 21 38 PM

Am I good or Is there more I need to do?

farmstrong8 commented 1 year ago

@TowhidKashem that's what I did and it seems to be fine 👍

TowhidKashem commented 1 year ago

I can confirm these changes are enough to get rid of the original warning and still have Sentry work with source maps, closing.

ShaneZhengNZ commented 1 year ago

To be honest, the warning message is very confusing. It needs to state that you don't need to setup the authToken in the app.json at all, instead, set SENTRY_AUTH_TOKEN as Expo Secret is sufficient enough.

DavidAPears commented 1 year ago

Thanks - removing authToken: process.env.SENTRY_AUTH_TOKEN from app.json and then adding the authToken to 'Project secrets' in the Expo dashboard - and then having the organization: process.env.SENTRY_ORG & project: process.env.SENTRY_PROJECT in the app.config.js (as above) was the way to go.

I lost ages on this, the warning/Docs are really really vague. Much appreciated!

komalparulekar commented 9 months ago

It's telling you to omit the following from your app.json config, and instead just have it as an environment variable.

authToken: process.env.SENTRY_AUTH_TOKEN

This is to avoid that authToken (in your app.json) being leaked in application update manifests.

Read more here: https://docs.expo.dev/guides/using-sentry/#app-configuration

How to generate the eas build after using .env. I tried generating one but my apis werent working after using .env

dhcmega commented 7 months ago

Hi this solve the problem for eas online building. But if you build local, it will not work as the secret is only for eas online server building. There should be a solution for local building IMO Thanks

islamashraful commented 6 months ago

For local builds set the token manually export SENTRY_AUTH_TOKEN=YOUR-TOKEN then run the build command

dhcmega commented 6 months ago

Hi, I build android locally and ios online. Will try to test your solution. thanks!