Self-Hosted Sentry
The CLI works with self-hosted Sentry instances. Set the SENTRY_HOST (or SENTRY_URL) environment variable to point at your instance:
export SENTRY_HOST=https://sentry.example.comAuthenticating
Section titled “Authenticating”With OAuth (Sentry 26.1.0+)
Section titled “With OAuth (Sentry 26.1.0+)”The OAuth device flow requires Sentry 26.1.0 or later and a public OAuth application registered on your instance.
1. Create a Public OAuth Application
Section titled “1. Create a Public OAuth Application”- In your Sentry instance, go to Settings → Developer Settings → Applications → Create New Application (or visit
https://sentry.example.com/settings/account/api/applications/) - Select Public as the application type
- Fill in the required fields (name, redirect URL — can be any placeholder URL)
- Save the application and copy the Client ID
2. Log In
Section titled “2. Log In”Use the --url flag to authenticate against your instance (recommended — this registers the host as trusted):
SENTRY_CLIENT_ID=your-client-id sentry auth login --url https://sentry.example.comOr pass the instance URL via environment variable:
SENTRY_HOST=https://sentry.example.com SENTRY_CLIENT_ID=your-client-id sentry auth loginWith an API Token
Section titled “With an API Token”If your instance is on an older version or you prefer not to create an OAuth application, you can use an API token instead:
- Go to Settings → Developer Settings → Personal Tokens in your Sentry instance (or visit
https://sentry.example.com/settings/account/api/auth-tokens/new-token/) - Create a new token with the following scopes:
project:read, project:write, project:admin, org:read, event:read, event:write, member:read, team:read, team:write
- Pass it to the CLI:
SENTRY_HOST=https://sentry.example.com sentry auth login --token YOUR_TOKENAfter Login
Section titled “After Login”Once authenticated, the CLI stores your instance URL — you don't need to set SENTRY_URL on every command. All subsequent commands automatically use the correct instance:
sentry issue listsentry org listIf you pass a self-hosted Sentry URL as a command argument (e.g., an issue or event URL), the CLI detects the instance automatically.
TLS / Corporate Proxies
Section titled “TLS / Corporate Proxies”If your self-hosted instance uses a private CA certificate (common with corporate TLS-intercepting proxies like Zscaler or Netskope), point NODE_EXTRA_CA_CERTS at your CA bundle:
export NODE_EXTRA_CA_CERTS=/path/to/corporate-ca.pemYou can also persist this setting so you don't need the env var on every invocation:
sentry cli defaults ca-cert /path/to/corporate-ca.pemRelevant Environment Variables
Section titled “Relevant Environment Variables”| Variable | Description |
|---|---|
SENTRY_HOST | Base URL of your Sentry instance (takes precedence over SENTRY_URL) |
SENTRY_URL | Alias for SENTRY_HOST |
SENTRY_CLIENT_ID | Client ID of your public OAuth application |
SENTRY_CUSTOM_HEADERS | Custom HTTP headers for proxy/IAP (semicolon-separated Name: Value pairs) |
SENTRY_FORCE_ENV_TOKEN | Force env token over stored OAuth token |
SENTRY_ORG | Default organization slug |
SENTRY_PROJECT | Default project slug (supports org/project format) |
NODE_EXTRA_CA_CERTS | Path to PEM file with additional CA certificates (for corporate proxies) |
See Configuration for the full environment variable reference.