Skip to content

Putting SENTRY_SYSTEM_SECRET_KEY in .env.custom or .env doesn't work. #4077

New issue
New issue
Closed
#4087
Closed
Putting SENTRY_SYSTEM_SECRET_KEY in .env.custom or .env doesn't work.#4077
#4087
@kofoednielsen

Description

@kofoednielsen
kofoednielsen
opened on Dec 3, 2025

Self-Hosted Version

25.11.1

CPU Architecture

x86_64

Docker Version

29.1.1

Docker Compose Version

2.40.3

Machine Specification

  • My system meets the minimum system requirements of Sentry

Steps to Reproduce

According to this documentation in sentry/config.example.yml:66; I can put my system.secret-key into a .env.custom file as SENTRY_SYSTEM_SECRET_KEY - and i want to do that so we can use version control on config.yml without having secrets in git.

If you are using SENTRY_SYSTEM_SECRET_KEY that is being set on your .env or .env.custom file,
you should remove this line below as it won't be used anyway.
system.secret-key: '!!changeme!!'

But if i try to do that by performing the following steps:

git clone [email protected]:getsentry/self-hosted
cd self-hosted
./install.sh
sed -i 's/system\.secret-key/# system\.secret-key/' sentry/config.yml 
echo "SENTRY_SYSTEM_SECRET_KEY=1234" > .env.custom
./install.sh

I get django.core.exceptions.ImproperlyConfigured: The SECRET_KEY setting must not be empty.

I'm testing this on 25.11.1 but with the fix in ebace8c because otherwise the second run of install.sh fails on install/bootstrap-s3-nodestore.sh

Expected Result

Successful install.sh run

Actual Result

Traceback (most recent call last):
  File "/.venv/bin/sentry", line 4, in <module>
    raise SystemExit(main())
                     ~~~~^^
  File "/usr/src/sentry/src/sentry/runner/main.py", line 144, in main
    func(**kwargs)
    ~~~~^^^^^^^^^^
  File "/.venv/lib/python3.13/site-packages/click/core.py", line 1442, in __call__
    return self.main(*args, **kwargs)
           ~~~~~~~~~^^^^^^^^^^^^^^^^^
  File "/.venv/lib/python3.13/site-packages/click/core.py", line 1363, in main
    rv = self.invoke(ctx)
  File "/.venv/lib/python3.13/site-packages/click/core.py", line 1830, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
                           ~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^
  File "/.venv/lib/python3.13/site-packages/click/core.py", line 1226, in invoke
    return ctx.invoke(self.callback, **ctx.params)
           ~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/.venv/lib/python3.13/site-packages/click/core.py", line 794, in invoke
    return callback(*args, **kwargs)
  File "/.venv/lib/python3.13/site-packages/click/decorators.py", line 34, in new_func
    return f(get_current_context(), *args, **kwargs)
  File "/usr/src/sentry/src/sentry/runner/decorators.py", line 33, in inner
    configure()
    ~~~~~~~~~^^
  File "/usr/src/sentry/src/sentry/runner/__init__.py", line 33, in configure
    _configure(ctx, py, yaml, skip_service_validation)
    ~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/src/sentry/src/sentry/runner/settings.py", line 124, in configure
    initialize_app(
    ~~~~~~~~~~~~~~^
        {"config_path": py, "settings": settings, "options": yaml},
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
        skip_service_validation=skip_service_validation,
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    )
    ^
  File "/usr/src/sentry/src/sentry/runner/initializer.py", line 342, in initialize_app
    django.setup()
    ~~~~~~~~~~~~^^
  File "/.venv/lib/python3.13/site-packages/django/__init__.py", line 24, in setup
    apps.populate(settings.INSTALLED_APPS)
    ~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/.venv/lib/python3.13/site-packages/django/apps/registry.py", line 116, in populate
    app_config.import_models()
    ~~~~~~~~~~~~~~~~~~~~~~~~^^
  File "/.venv/lib/python3.13/site-packages/django/apps/config.py", line 269, in import_models
    self.models_module = import_module(models_module_name)
                         ~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.13/importlib/__init__.py", line 88, in import_module
    return _bootstrap._gcd_import(name[level:], package, level)
           ~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "<frozen importlib._bootstrap>", line 1387, in _gcd_import
  File "<frozen importlib._bootstrap>", line 1360, in _find_and_load
  File "<frozen importlib._bootstrap>", line 1331, in _find_and_load_unlocked
  File "<frozen importlib._bootstrap>", line 935, in _load_unlocked
  File "<frozen importlib._bootstrap_external>", line 1026, in exec_module
  File "<frozen importlib._bootstrap>", line 488, in _call_with_frames_removed
  File "/usr/src/sentry/src/sentry/plugins/sentry_interface_types/models.py", line 2, in <module>
    from sentry.plugins.bases.tag import TagPlugin
  File "/usr/src/sentry/src/sentry/plugins/bases/__init__.py", line 2, in <module>
    from .issue2 import IssueTrackingPlugin2  # NOQA
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/src/sentry/src/sentry/plugins/bases/issue2.py", line 19, in <module>
    from sentry.issues.endpoints.bases.group import GroupEndpoint
  File "/usr/src/sentry/src/sentry/issues/endpoints/__init__.py", line 7, in <module>
    from .group_notes import GroupNotesEndpoint
  File "/usr/src/sentry/src/sentry/issues/endpoints/group_notes.py", line 11, in <module>
    from sentry.api.serializers.rest_framework.group_notes import NoteSerializer
  File "/usr/src/sentry/src/sentry/api/serializers/rest_framework/__init__.py", line 11, in <module>
    from .rule import *  # noqa: F401,F403
    ^^^^^^^^^^^^^^^^^^^
  File "/usr/src/sentry/src/sentry/api/serializers/rest_framework/rule.py", line 14, in <module>
    from sentry.rules import rules
  File "/usr/src/sentry/src/sentry/rules/__init__.py", line 34, in <module>
    rules = init_registry()
  File "/usr/src/sentry/src/sentry/rules/__init__.py", line 25, in init_registry
    cls = import_string(rule)
  File "/usr/src/sentry/src/sentry/utils/imports.py", line 29, in import_string
    result = _cache[path]
             ~~~~~~^^^^^^
  File "/usr/src/sentry/src/sentry/utils/imports.py", line 11, in __missing__
    module = __import__(module_name, {}, {}, [class_name])
  File "/usr/src/sentry/src/sentry/mail/__init__.py", line 8, in <module>
    from .notifications import *  # NOQA Importing this in __init__ so that @register runs.
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/src/sentry/src/sentry/mail/notifications.py", line 21, in <module>
    from sentry.utils.email import MessageBuilder, group_id_to_email
  File "/usr/src/sentry/src/sentry/utils/email/__init__.py", line 25, in <module>
    from .address import email_to_group_id, group_id_to_email, parse_email, parse_user_name
  File "/usr/src/sentry/src/sentry/utils/email/address.py", line 19, in <module>
    signer = _CaseInsensitiveSigner()
  File "/usr/src/sentry/src/sentry/utils/email/signer.py", line 26, in __init__
    super().__init__(*args, **kwargs)
    ~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^
  File "/.venv/lib/python3.13/site-packages/django/core/signing.py", line 181, in __init__
    self.key = key or settings.SECRET_KEY
                      ^^^^^^^^^^^^^^^^^^^
  File "/.venv/lib/python3.13/site-packages/django/conf/__init__.py", line 90, in __getattr__
    raise ImproperlyConfigured("The SECRET_KEY setting must not be empty.")
django.core.exceptions.ImproperlyConfigured: The SECRET_KEY setting must not be empty.

Error in install/set-up-and-migrate-database.sh:23.
'$dcr web upgrade --create-kafka-topics' exited with status 1
-> ./install.sh:main:44
--> install/set-up-and-migrate-database.sh:source:23

Cleaning up...

Event ID

No response

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Fields

    No fields configured for issues without a type.

    Projects

    Self-hosted Sentry

    Status

    No status
    GitHub Issues with 👀 3

    Status

    No status

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions