[security issue] Sentry Auth token exposed in eas.json #630
Labels
bug
Something isn't working
Comments
|
You should send potential security issues directly to security@bsky.app rather than opening an issue, per README. |
nice catch, I emailed them. Will keep the issue open and they can close it after resolving... |
TowhidKashem
changed the title
|
Ah lovely -- I was under the impression only public tokens were in the repo. I've deauthorized this auth token. Thanks for raising the issue. |
|
Looks good! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug
89c975413cd543fbb683b11bec984fc2163d9a77312c41c0b4480a570f3daa65
According to this thread:
expo/sentry-expo#321
you don't want to expose the auth token and use env variables instead. The thread is about using it in app.json but I think it applies here as well since the the security vulnerability is in others knowing the token first and foremost.
To Reproduce
Steps to reproduce the behavior:
Expected behavior
Use env variables that are loaded via dot env where needed and not committed to the repo.
The text was updated successfully, but these errors were encountered: