Javascript Browser SDK - Security Concerns in DSN key exposing in source code #12526
The DSN key is intentionally designed to be public. It serves solely to identify the project within Sentry to which the events should be sent. The DSN key does not provide any access to sensitive information or data within the Sentry account. Even if someone were to obtain the DSN key, they would only be able to send error events to your Sentry project, which you can switch out fairly easily. They would not be able to read, modify, or delete any data. This limited functionality ensures that the exposure of the DSN key does not pose a security risk. Even if the DSN is kept secret, it can be "guessed" by looking at the HTTP request made by the SDK to your project.
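To make the last point of the answer concrete, here is an added example (not from the Sentry SDK or from either participant in this discussion) that splits a DSN into its parts, rebuilds the envelope endpoint the browser SDK posts to, and then recovers the DSN from that endpoint URL, which is exactly what anyone watching the network tab can do. The URL layout (`/api/<projectId>/envelope/?sentry_key=<publicKey>&sentry_version=7`) mirrors what the SDK sends; the DSN value, function names and the `path` handling are my own constructed assumptions.

```javascript
// Added example, not code from the Sentry SDK or the discussion.
// A DSN is <protocol>://<publicKey>@<host>[/<path>]/<projectId>. The SDK
// only ever uses it to build an ingest URL, and that URL carries every
// component of the DSN in plain sight.

// Constructed sample DSN (not a real project key).
const SAMPLE_DSN = 'https://examplePublicKey@o123456.ingest.us.sentry.io/4567890';

// Split a DSN into its components; throws on anything that is not DSN-shaped.
function parseDsn(dsn) {
  const m = /^(\w+):\/\/([^:@]+)(?::([^@]+))?@([^/]+)(?:\/(.*?))?\/(\d+)$/.exec(dsn);
  if (!m) throw new Error('invalid DSN');
  return {
    protocol: m[1],
    publicKey: m[2],
    host: m[4],          // includes the port, if any
    path: m[5] || '',    // optional path prefix for self-hosted setups
    projectId: m[6],
  };
}

// Envelope endpoint the browser SDK posts events to. The public key travels
// as the sentry_key query parameter, so the request URL alone reveals it.
function envelopeUrl(dsn) {
  const d = parseDsn(dsn);
  const prefix = d.path ? '/' + d.path : '';
  const base = `${d.protocol}://${d.host}${prefix}/api/${d.projectId}/envelope/`;
  return `${base}?sentry_key=${d.publicKey}&sentry_version=7`;
}

// The reverse direction: given an envelope URL copied from the network tab,
// reassemble the DSN. This is why hiding the DSN in the bundle buys nothing.
function dsnFromEnvelopeUrl(url) {
  const u = new URL(url);
  const key = u.searchParams.get('sentry_key');
  const m = /^(.*)\/api\/(\d+)\/envelope\/$/.exec(u.pathname);
  if (!key || !m) throw new Error('not a Sentry envelope URL');
  const prefix = m[1]; // '' for sentry.io, '/something' for a path-prefixed host
  return `${u.protocol}//${key}@${u.host}${prefix}/${m[2]}`;
}

// Demonstration: the DSN survives a round trip through the request URL.
const seenInNetworkTab = envelopeUrl(SAMPLE_DSN);
console.log('SDK request URL :', seenInNetworkTab);
console.log('Recovered DSN   :', dsnFromEnvelopeUrl(seenInNetworkTab));
```

Running this prints the request URL with `sentry_key=examplePublicKey` in the query string and then the original DSN recovered from it. Encrypting the DSN in the bundle, or fetching it from a vault, changes nothing here: whatever the SDK decrypts or fetches still has to end up in this URL.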
We have recently received a security concern from our Information Security team regarding the exposure of the DSN key during the initialization of the Sentry SDK in our JavaScript application.
The visibility of the DSN key poses a significant risk to our application's security. Therefore, we are seeking an alternative method to utilize the keys in an encrypted form to prevent exposure.
Please note that while storing the keys in a Vault is a feasible solution, it would necessitate our application making an XHR request to retrieve it from the backend, potentially exposing the DSN value again in the network tab.
Please also explain what the further consequences are if the DSN key is exposed.
We kindly request your immediate attention and assistance in providing a secure solution for this issue.
Sentry Initialization

```javascript
// SECREAT_KEY, HOST, PROJECT_ID and ENV_VAL are the application's own build-time constants
Sentry.init({
  dsn: "https://" + SECREAT_KEY + "@" + HOST + ".ingest.us.sentry.io/" + PROJECT_ID,
  debug: ENV_VAL === 'local',
});
```
Please update it ASAP.