While my DSN is in a .env file and hidden from the repo browsers, I find it disturbing that my auth token is in the sentry.properties file for all to see.
I'm having trouble understanding what this means and how much of a security risk is it to let people outside my organization read this file?
(I have outsourced developers doing odd jobs for me on the repo)
We recommend treating a sentry.properties like an .env file. It is basically the same, so you should add it to your e.g. .gitignore.
The reason why it's called sentry.properties is because of Android Gradle; we needed it to be read natively.
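
As an added example (not part of the original posts and not Sentry's own tooling), this check can run in a pre-commit hook or CI job to catch a tracked sentry.properties that still carries a token. It assumes the token is stored under the auth.token key and that tracked paths arrive NUL-separated on stdin, for instance from git ls-files -z; the sample content is constructed.

```python
"""Fail when a tracked sentry.properties still carries an auth token.

Assumed wiring: git ls-files -z | python check_sentry_token.py
"""
import os
import re
import sys

# Assumption: the token lives under the "auth.token" key. Properties syntax
# accepts "=" or ":" as separator; a commented-out or empty entry never matches.
TOKEN_LINE = re.compile(r"^\s*auth\.token\s*[=:]\s*(\S+)")

# Constructed sample content; the token value is a placeholder.
SAMPLE = (
    "defaults.url=https://sentry.io/\n"
    "defaults.org=example-org\n"
    "defaults.project=example-project\n"
    "# auth.token=commented-out\n"
    "auth.token = CONSTRUCTED_PLACEHOLDER\n"
)

def find_token_lines(text):
    """Return the 1-based line numbers that set a non-empty auth.token."""
    return [n for n, line in enumerate(text.splitlines(), start=1)
            if TOKEN_LINE.match(line)]

def scan_paths(paths, root="."):
    """Inspect every path named sentry.properties; return {path: [lines]}."""
    findings = {}
    for path in paths:
        if os.path.basename(path) != "sentry.properties":
            continue
        try:
            with open(os.path.join(root, path), encoding="utf-8",
                      errors="replace") as fh:
                hits = find_token_lines(fh.read())
        except OSError:
            continue  # listed in the index but absent from the working tree
        if hits:
            findings[path] = hits
    return findings

def main():
    paths = [p for p in sys.stdin.read().split("\0") if p]
    findings = scan_paths(paths)
    for path, lines in findings.items():
        # Report the location only; never echo the token value into CI logs.
        print(f"{path}: auth.token set on line(s) {lines}", file=sys.stderr)
    return 1 if findings else 0

if __name__ == "__main__":
    sys.exit(main())
```

Adding the file to .gitignore does not untrack a copy that is already committed, so a hit here means the file also has to be removed from the index. A token that was already pushed should be treated as exposed and revoked.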