Sentry Security Basics
Prerequisites
- Security requirements documented
- Compliance standards identified (GDPR, SOC 2, HIPAA)
- Sensitive data patterns known
- Access control needs defined
Instructions
- Enable server-side data scrubbing in the project settings
- Configure client-side scrubbing in beforeSend for user data and request bodies
- Add sensitive field patterns for passwords, tokens, and API keys
- Store the DSN in an environment variable; never hardcode it
- Set sendDefaultPii to false in the SDK configuration
- Configure team permissions following the principle of least privilege
- Create API tokens with the minimal required scopes
- Rotate DSN keys and disable the old ones after deployment
- Enable audit logging for compliance tracking
- Complete the security checklist and document compliance status
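The client-side steps above (beforeSend scrubbing, sensitive field patterns, DSN from the environment, sendDefaultPii off) as an added example; it is not code from the original page or from Sentry. The key pattern, the helper names and the sample event are assumptions, and the options object is what would be passed to Sentry.init().

```javascript
// Added example. SENSITIVE_KEY and the helper names are assumptions, not Sentry APIs.
const SENSITIVE_KEY = /passw(or)?d|secret|token|api[-_]?key|authorization|cookie/i;
const FILTERED = "[Filtered]";

// Recursively replace any value whose key looks sensitive (depth-capped).
function scrub(value, depth = 0) {
  if (value === null || typeof value !== "object") return value;
  if (depth > 8) return FILTERED; // too deep to inspect: drop rather than leak
  if (Array.isArray(value)) return value.map((v) => scrub(v, depth + 1));
  const out = {};
  for (const [key, v] of Object.entries(value)) {
    out[key] = SENSITIVE_KEY.test(key) ? FILTERED : scrub(v, depth + 1);
  }
  return out;
}

// beforeSend hook: runs in the SDK before the event leaves the process.
function beforeSend(event) {
  const req = event.request;
  if (req) {
    if (typeof req.data === "string") {
      // Bodies often arrive as a JSON string; parse, scrub, or drop if unparseable.
      try { req.data = scrub(JSON.parse(req.data)); } catch { req.data = FILTERED; }
    } else {
      req.data = scrub(req.data);
    }
    req.headers = scrub(req.headers);
    delete req.cookies;
  }
  // Keep only an opaque user id; email, username and IP are dropped.
  if (event.user) event.user = { id: event.user.id };
  event.extra = scrub(event.extra);
  return event;
}

// Pass this object to Sentry.init(); the DSN is read from the environment.
const sentryOptions = {
  dsn: process.env.SENTRY_DSN,
  sendDefaultPii: false,
  beforeSend,
};

// Constructed sample event, for illustration only.
const sample = beforeSend({
  request: { data: '{"user":"alice","password":"hunter2"}', headers: { Authorization: "Bearer abc" } },
  user: { id: "42", email: "alice@example.com" },
});
console.log(JSON.stringify(sample));
```

Client-side scrubbing complements the server-side scrubbing from the first step; the hook removes values before they leave the process, while the server-side rules catch fields the pattern misses.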
Output
- Data scrubbing configured
- DSN secured in environment variables
- Access controls implemented
- Security checklist completed
Error Handling
See {baseDir}/references/errors.md for comprehensive error handling.
Examples
See {baseDir}/references/examples.md for detailed examples.