Putting SENTRY_SYSTEM_SECRET_KEY in .env.custom or .env doesn't work. #4077
Description
Self-Hosted Version
25.11.1
CPU Architecture
x86_64
Docker Version
29.1.1
Docker Compose Version
2.40.3
Machine Specification
- My system meets the minimum system requirements of Sentry
Steps to Reproduce
According to this documentation in sentry/config.example.yml:66; I can put my system.secret-key into a .env.custom file as SENTRY_SYSTEM_SECRET_KEY - and i want to do that so we can use version control on config.yml without having secrets in git.
If you are using SENTRY_SYSTEM_SECRET_KEY that is being set on your
.envor.env.customfile,
you should remove this line below as it won't be used anyway.
system.secret-key: '!!changeme!!'
But if i try to do that by performing the following steps:
git clone git@github.com:getsentry/self-hosted
cd self-hosted
./install.sh
sed -i 's/system\.secret-key/# system\.secret-key/' sentry/config.yml
echo "SENTRY_SYSTEM_SECRET_KEY=1234" > .env.custom
./install.sh
I get django.core.exceptions.ImproperlyConfigured: The SECRET_KEY setting must not be empty.
I'm testing this on 25.11.1 but with the fix in ebace8c because otherwise the second run of install.sh fails on install/bootstrap-s3-nodestore.sh
Expected Result
Successful install.sh run
Actual Result
Traceback (most recent call last):
File "/.venv/bin/sentry", line 4, in <module>
raise SystemExit(main())
~~~~^^
File "/usr/src/sentry/src/sentry/runner/main.py", line 144, in main
func(**kwargs)
~~~~^^^^^^^^^^
File "/.venv/lib/python3.13/site-packages/click/core.py", line 1442, in __call__
return self.main(*args, **kwargs)
~~~~~~~~~^^^^^^^^^^^^^^^^^
File "/.venv/lib/python3.13/site-packages/click/core.py", line 1363, in main
rv = self.invoke(ctx)
File "/.venv/lib/python3.13/site-packages/click/core.py", line 1830, in invoke
return _process_result(sub_ctx.command.invoke(sub_ctx))
~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^
File "/.venv/lib/python3.13/site-packages/click/core.py", line 1226, in invoke
return ctx.invoke(self.callback, **ctx.params)
~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/.venv/lib/python3.13/site-packages/click/core.py", line 794, in invoke
return callback(*args, **kwargs)
File "/.venv/lib/python3.13/site-packages/click/decorators.py", line 34, in new_func
return f(get_current_context(), *args, **kwargs)
File "/usr/src/sentry/src/sentry/runner/decorators.py", line 33, in inner
configure()
~~~~~~~~~^^
File "/usr/src/sentry/src/sentry/runner/__init__.py", line 33, in configure
_configure(ctx, py, yaml, skip_service_validation)
~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/src/sentry/src/sentry/runner/settings.py", line 124, in configure
initialize_app(
~~~~~~~~~~~~~~^
{"config_path": py, "settings": settings, "options": yaml},
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
skip_service_validation=skip_service_validation,
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
)
^
File "/usr/src/sentry/src/sentry/runner/initializer.py", line 342, in initialize_app
django.setup()
~~~~~~~~~~~~^^
File "/.venv/lib/python3.13/site-packages/django/__init__.py", line 24, in setup
apps.populate(settings.INSTALLED_APPS)
~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^
File "/.venv/lib/python3.13/site-packages/django/apps/registry.py", line 116, in populate
app_config.import_models()
~~~~~~~~~~~~~~~~~~~~~~~~^^
File "/.venv/lib/python3.13/site-packages/django/apps/config.py", line 269, in import_models
self.models_module = import_module(models_module_name)
~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.13/importlib/__init__.py", line 88, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "<frozen importlib._bootstrap>", line 1387, in _gcd_import
File "<frozen importlib._bootstrap>", line 1360, in _find_and_load
File "<frozen importlib._bootstrap>", line 1331, in _find_and_load_unlocked
File "<frozen importlib._bootstrap>", line 935, in _load_unlocked
File "<frozen importlib._bootstrap_external>", line 1026, in exec_module
File "<frozen importlib._bootstrap>", line 488, in _call_with_frames_removed
File "/usr/src/sentry/src/sentry/plugins/sentry_interface_types/models.py", line 2, in <module>
from sentry.plugins.bases.tag import TagPlugin
File "/usr/src/sentry/src/sentry/plugins/bases/__init__.py", line 2, in <module>
from .issue2 import IssueTrackingPlugin2 # NOQA
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/src/sentry/src/sentry/plugins/bases/issue2.py", line 19, in <module>
from sentry.issues.endpoints.bases.group import GroupEndpoint
File "/usr/src/sentry/src/sentry/issues/endpoints/__init__.py", line 7, in <module>
from .group_notes import GroupNotesEndpoint
File "/usr/src/sentry/src/sentry/issues/endpoints/group_notes.py", line 11, in <module>
from sentry.api.serializers.rest_framework.group_notes import NoteSerializer
File "/usr/src/sentry/src/sentry/api/serializers/rest_framework/__init__.py", line 11, in <module>
from .rule import * # noqa: F401,F403
^^^^^^^^^^^^^^^^^^^
File "/usr/src/sentry/src/sentry/api/serializers/rest_framework/rule.py", line 14, in <module>
from sentry.rules import rules
File "/usr/src/sentry/src/sentry/rules/__init__.py", line 34, in <module>
rules = init_registry()
File "/usr/src/sentry/src/sentry/rules/__init__.py", line 25, in init_registry
cls = import_string(rule)
File "/usr/src/sentry/src/sentry/utils/imports.py", line 29, in import_string
result = _cache[path]
~~~~~~^^^^^^
File "/usr/src/sentry/src/sentry/utils/imports.py", line 11, in __missing__
module = __import__(module_name, {}, {}, [class_name])
File "/usr/src/sentry/src/sentry/mail/__init__.py", line 8, in <module>
from .notifications import * # NOQA Importing this in __init__ so that @register runs.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/src/sentry/src/sentry/mail/notifications.py", line 21, in <module>
from sentry.utils.email import MessageBuilder, group_id_to_email
File "/usr/src/sentry/src/sentry/utils/email/__init__.py", line 25, in <module>
from .address import email_to_group_id, group_id_to_email, parse_email, parse_user_name
File "/usr/src/sentry/src/sentry/utils/email/address.py", line 19, in <module>
signer = _CaseInsensitiveSigner()
File "/usr/src/sentry/src/sentry/utils/email/signer.py", line 26, in __init__
super().__init__(*args, **kwargs)
~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^
File "/.venv/lib/python3.13/site-packages/django/core/signing.py", line 181, in __init__
self.key = key or settings.SECRET_KEY
^^^^^^^^^^^^^^^^^^^
File "/.venv/lib/python3.13/site-packages/django/conf/__init__.py", line 90, in __getattr__
raise ImproperlyConfigured("The SECRET_KEY setting must not be empty.")
django.core.exceptions.ImproperlyConfigured: The SECRET_KEY setting must not be empty.
Error in install/set-up-and-migrate-database.sh:23.
'$dcr web upgrade --create-kafka-topics' exited with status 1
-> ./install.sh:main:44
--> install/set-up-and-migrate-database.sh:source:23
Cleaning up...
Event ID
No response