Issue
My DSN is visible in my website. Is this a security vulnerability, is it possible to completely hide my DSN key from users?
Applies To
- All Sentry users
Resolution
In short: this is not considered a security vulnerability.
The DSN key is intentionally designed to be public. It serves solely to identify the project within Sentry to which the events should be sent. The DSN key does not provide any access to sensitive information or data within the Sentry account.
Even if someone were to obtain the DSN key, they would only be able to send error events to your Sentry project, which you can switch out fairly easy. They would not be able to read, modify, or delete any data. This limited functionality ensures that the exposure of the DSN key does not pose a security risk.