Skip to main content

How do I manage and secure Personal Tokens in Sentry.io?

How do I manage and secure Personal Tokens in Sentry.io?

Personal Tokens in Sentry.io are user-specific authentication tokens that allow access to certain features and data. Proper management and security of these tokens are essential to ensure the integrity of your account and organization.

Managing Personal Access Tokens

Revoking a Token

If you need to revoke a Personal Access Token, follow these steps:

  1. Navigate to your user settings in Sentry.io (Select "Settings" from the left menu)

  2. Go to the Developer Settings: Personal Tokens section.

  3. Locate the token you wish to revoke and delete or remove it. This action immediately invalidates the token.

Replacing a Compromised Token

If a token is potentially compromised or needs to be replaced:

  1. Replace the token's usage in your systems with an organization token or an internal integration that your organization controls.

  2. Stop accepting the old token in your systems.

  3. Have the token’s owner revoke it from their Personal Tokens page.

Security Best Practices

  • Regularly review and revoke tokens that are no longer in use.

  • Use organization tokens or internal integrations for system-level access instead of personal tokens.

  • Immediately replace and revoke any token that may have been compromised.

Audit Log Visibility

Actions related to Personal Tokens are not visible in Sentry’s organization-level audit logs. These tokens are user-bound and managed individually on the user’s Account → Personal Tokens page.

Organization and internal token usage, however, are logged and searchable at the organization level. By following these guidelines, you can effectively manage and secure Personal Access Tokens in Sentry.io, ensuring the safety and integrity of your account and organization.

Did this answer your question?