
This skill helps you configure Sentry security and data scrubbing to protect PII and enforce least-privilege access.

npx playbooks add skill jeremylongshore/claude-code-plugins-plus-skills --skill sentry-security-basics


SKILL.md
---
name: sentry-security-basics
description: |
  Configure Sentry security settings and data protection.
  Use when setting up data scrubbing, managing sensitive data,
  or configuring security policies.
  Trigger with phrases like "sentry security", "sentry PII",
  "sentry data scrubbing", "secure sentry".
allowed-tools: Read, Write, Edit, Grep
version: 1.0.0
license: MIT
author: Jeremy Longshore <[email protected]>
---

# Sentry Security Basics

## Prerequisites

- Security requirements documented
- Compliance standards identified (GDPR, SOC 2, HIPAA)
- Sensitive data patterns known
- Access control needs defined

## Instructions

1. Confirm server-side data scrubbing is enabled in project settings (Security & Privacy) and add project-specific field names under Additional Sensitive Fields; it runs at ingestion, after the data has already left the client, so treat it as a backstop rather than the primary control
2. Configure client-side scrubbing in beforeSend so user data and request bodies are removed in-process, before the event is transmitted
3. Add sensitive field patterns for passwords, tokens, and API keys, matching both key names (case-insensitively) and value shapes such as bearer tokens
4. Load the DSN from an environment variable instead of committing it to source; note that a DSN only authorizes event submission and necessarily ships inside browser bundles, so for browser projects also restrict Allowed Domains and set rate limits on the client key
5. Set sendDefaultPii to false in the SDK configuration so IP addresses, cookies, and request headers are not attached automatically
6. Configure team membership and roles with the principle of least privilege
7. Create API auth tokens with only the scopes the integration actually needs
8. After deployment, create a new client key (DSN) and disable the old one once every client has switched to it
9. Enable audit logging for compliance tracking
10. Complete the security checklist and document compliance status
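Steps 2 to 5 for a Node.js service, as an added example that is not part of this skill or of Sentry's own code: a `beforeSend` hook that strips user PII, request bodies, cookies, sensitive keys and secret-looking values from an event, plus a hardened option object for `Sentry.init`. The option names (`dsn`, `sendDefaultPii`, `beforeSend`) are Sentry's; the `SENTRY_DSN` variable name, the key and value patterns, and the sample event are assumptions constructed for this example.

```javascript
// Added example (not the skill's or Sentry's own code): client-side scrubbing
// for @sentry/node. SENTRY_DSN, the patterns and SAMPLE_EVENT are assumptions.
const REDACTED = '[Filtered]';

// Key names treated as sensitive wherever they occur in the event tree.
const SENSITIVE_KEYS =
  /^(password|passwd|secret|token|api[-_]?key|authorization|cookie|set-cookie|session(id)?|csrf|ssn|card[-_]?number|cvv)$/i;

// Value shapes that are secrets regardless of the key they sit under.
const SENSITIVE_VALUES = [
  /\bBearer\s+[A-Za-z0-9._~+/=-]{16,}/g,                   // OAuth bearer tokens
  /\beyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*/g,  // JWTs (base64url header.payload.sig)
  /\bAKIA[0-9A-Z]{16}\b/g,                                 // AWS access key IDs
];

// Recursively redact sensitive keys and secret-looking strings.
function scrub(value, depth = 0) {
  if (depth > 32) return REDACTED; // guard against pathological nesting
  if (typeof value === 'string') {
    return SENSITIVE_VALUES.reduce((s, re) => s.replace(re, REDACTED), value);
  }
  if (Array.isArray(value)) return value.map((v) => scrub(v, depth + 1));
  if (value !== null && typeof value === 'object') {
    const out = {};
    for (const [k, v] of Object.entries(value)) {
      out[k] = SENSITIVE_KEYS.test(k) ? REDACTED : scrub(v, depth + 1);
    }
    return out;
  }
  return value;
}

// beforeSend runs in-process before transmission, so whatever is removed
// here never reaches Sentry. Returning null drops the event entirely.
function scrubEvent(event, _hint) {
  if (!event) return null;
  if (event.user) {
    const id = event.user.id; // keep an opaque id; email, username, ip_address never leave
    delete event.user;
    if (id !== undefined) event.user = { id: String(id) };
  }
  if (event.request) {
    const req = event.request;
    delete req.data;    // request bodies routinely carry credentials: drop wholesale
    delete req.cookies;
    if (req.headers) req.headers = scrub(req.headers);
    if (req.query_string) req.query_string = scrub(req.query_string);
    if (typeof req.url === 'string') req.url = req.url.replace(/\?.*$/, '?' + REDACTED); // tokens in query strings
  }
  for (const key of ['extra', 'contexts', 'tags']) {
    if (event[key]) event[key] = scrub(event[key]);
  }
  if (Array.isArray(event.breadcrumbs)) {
    event.breadcrumbs = event.breadcrumbs.map((b) => (b.data ? { ...b, data: scrub(b.data) } : b));
  }
  // Captured local variables (includeLocalVariables) can hold secrets too.
  for (const ex of event.exception?.values ?? []) {
    for (const frame of ex.stacktrace?.frames ?? []) {
      if (frame.vars) frame.vars = scrub(frame.vars);
    }
  }
  return event;
}

// Hardened options for Sentry.init(sentryOptions); the init call itself is not made here.
const sentryOptions = {
  dsn: process.env.SENTRY_DSN,  // assumed variable name; never a literal in source
  sendDefaultPii: false,        // no automatic IP addresses, cookies or request headers
  beforeSend: scrubEvent,
};

// Constructed sample event, shaped like a Sentry error event, to exercise the hook.
const SAMPLE_EVENT = {
  user: { id: 42, email: 'alice@example.com', ip_address: '203.0.113.7' },
  request: {
    url: 'https://api.example.com/oauth/callback?code=abc123',
    data: { username: 'alice', password: 'hunter2' },
    cookies: 'session=deadbeef',
    headers: { Authorization: 'Bearer 0123456789abcdefghij', 'User-Agent': 'curl/8.0' },
  },
  extra: {
    apiKey: 'sk-example',
    shell: "curl -H 'Authorization: Bearer 0123456789abcdefghij' https://api.example.com",
    jwt: 'eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI0MiJ9.c2ln',
  },
  breadcrumbs: [{ category: 'http', data: { path: '/login', password: 'hunter2' } }],
  exception: { values: [{ type: 'Error', stacktrace: { frames: [{ vars: { secret: 's3cr3t', n: 1 } }] } }] },
};

// Run the hook on a fresh copy of the sample so repeated calls stay independent.
function demo() {
  return scrubEvent(JSON.parse(JSON.stringify(SAMPLE_EVENT)), {});
}

console.log(JSON.stringify(demo(), null, 2));
```

The key regex is anchored and case-insensitive on purpose: a substring match on `token` would also redact harmless keys like `tokenizer`, while the value patterns catch secrets that land under innocent keys (a pasted curl command, a JWT in a log line). Server-side scrubbing in project settings stays enabled as the backstop for anything these patterns miss.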

## Output
- Data scrubbing configured
- DSN secured in environment variables
- Access controls implemented
- Security checklist completed

## Error Handling

See `{baseDir}/references/errors.md` for comprehensive error handling.

## Examples

See `{baseDir}/references/examples.md` for detailed examples.

## Resources
- [Sentry Security](https://docs.sentry.io/product/security/)
- [Data Privacy](https://docs.sentry.io/platforms/javascript/data-management/)

Overview

This skill helps configure Sentry security settings and data protection controls for projects. It guides setup of server- and client-side data scrubbing, secure storage of DSNs, and policy-driven access controls. Use it to reduce exposure of personally identifiable information and meet compliance requirements quickly.

How this skill works

The skill inspects common Sentry security settings and provides a concise action list: enable server-side scrubbing, add sensitive field patterns, set SDK options like sendDefaultPii to false, and store DSNs in environment variables. It also walks through access control and token scope configuration, rotation practices, and enabling audit logging for compliance tracking. The output is a checklist and recommended changes you can apply to project settings and SDK configuration.

When to use it

  • Initial Sentry onboarding for a new project
  • When implementing GDPR, HIPAA, or SOC 2 controls
  • Before deploying code that handles user data or secrets
  • During security reviews or incident response preparation
  • When auditing or hardening Sentry access and API tokens

Best practices

  • Enable server-side data scrubbing in project settings before collecting events
  • Implement client-side scrubbing (beforeSend) for request bodies and user data
  • Define and maintain sensitive field patterns for passwords, tokens, and API keys
  • Keep DSNs out of source control (environment variables for server-side apps), rotate client keys regularly, and for browser projects, where the DSN is necessarily public, restrict Allowed Domains and rate-limit the key
  • Apply principle of least privilege to team and token scopes and enable audit logging

Example use cases

  • Configure beforeSend to remove PII from error payloads before they reach Sentry
  • Add regex patterns for common secrets to the server-side data scrubbing list
  • Migrate DSN values from source code to secured environment variables and rotate old keys
  • Create API tokens scoped to deploy automation only, not broad project access
  • Run the security checklist during a compliance audit to generate evidence of controls

FAQ

Should I set sendDefaultPii to true for richer user context?

No. Keep sendDefaultPii set to false unless you have explicit consent and controls in place: when true, the SDK attaches IP addresses, cookies, and request headers automatically. Prefer selective enrichment instead, for example setting only an opaque user id with Sentry.setUser, and leave richer correlation to systems you control.

How often should I rotate DSN keys and tokens?

Rotate keys and tokens on a regular schedule (for example, quarterly) and immediately after any suspected exposure; disable old keys promptly after rotation.