Callout to add .env to .gitignore #11430

Closes getsentry/sentry#77903

Author: vgrozdanic

docs/platforms/javascript/common/sourcemaps/uploading/angular-nx.mdx

@@ -57,7 +57,7 @@ To upload source maps you have to configure an [Organization Auth Token](https:/
 
 Alternatively, you can also use a [User Auth Token](https://sentry.io/orgredirect/organizations/:orgslug/settings/account/api/auth-tokens/), with the "Project: Read & Write" and "Release: Admin" permissions.
 
-Auth tokens can be passed to the plugin explicitly with the `authToken` option, with a `SENTRY_AUTH_TOKEN` environment variable, or with an `.env.sentry-build-plugin` file in the working directory when building your project.
+Auth tokens can be passed to the plugin explicitly with the `authToken` option, with a `SENTRY_AUTH_TOKEN` environment variable, or with an `.env.sentry-build-plugin` file (don't forget to add it to your `.gitignore` file, as this is sensitive data) in the working directory when building your project.
 We recommend you add the auth token to your CI/CD environment as an environment variable.
 
 <OrgAuthTokenNote />
@@ -84,7 +84,6 @@ pnpm add @sentry/webpack-plugin --save-dev
 
 Register the Sentry webpack plugin in your `webpack.config.js`:
 
-
 ```javascript {filename:webpack.config.js}
 const { sentryWebpackPlugin } = require("@sentry/webpack-plugin");
 
@@ -104,8 +103,8 @@ module.exports = {
 
 <Alert>
   Generating sourcemaps may expose them to the public, potentially causing your
-  source code to be leaked. You can prevent this by configuring your server to deny access to `.js.map` files, or by
-  using [Sentry Webpack Plugin's
+  source code to be leaked. You can prevent this by configuring your server to
+  deny access to `.js.map` files, or by using [Sentry Webpack Plugin's
   `sourcemaps.filesToDeleteAfterUpload`](https://www.npmjs.com/package/@sentry/webpack-plugin#sourcemapsfilestodeleteafterupload)
   option to delete source maps after they've been uploaded to Sentry.
 </Alert>
@@ -154,8 +153,8 @@ Then, follow the [official Nx documentation](https://nx.dev/nx-api/angular/execu
 
 <Alert>
   Generating sourcemaps may expose them to the public, potentially causing your
-  source code to be leaked. You can prevent this by configuring your server to deny access to `.js.map` files, or by
-  using [Sentry Esbuild Plugin's
+  source code to be leaked. You can prevent this by configuring your server to
+  deny access to `.js.map` files, or by using [Sentry Esbuild Plugin's
   `sourcemaps.filesToDeleteAfterUpload`](https://www.npmjs.com/package/@sentry/esbuild-plugin#sourcemapsfilestodeleteafterupload)
   option to delete source maps after they've been uploaded to Sentry.
 </Alert>

docs/platforms/javascript/common/sourcemaps/uploading/angular-webpack.mdx

@@ -85,7 +85,7 @@ To upload source maps you have to configure an [Organization Auth Token](https:/
 
 Alternatively, you can also use a [User Auth Token](https://sentry.io/orgredirect/organizations/:orgslug/settings/account/api/auth-tokens/), with the "Project: Read & Write" and "Release: Admin" permissions.
 
-Auth tokens can be passed to the plugin explicitly with the `authToken` option, with a `SENTRY_AUTH_TOKEN` environment variable, or with an `.env.sentry-build-plugin` file in the working directory when building your project.
+Auth tokens can be passed to the plugin explicitly with the `authToken` option, with a `SENTRY_AUTH_TOKEN` environment variable, or with an `.env.sentry-build-plugin` file (don't forget to add it to your `.gitignore` file, as this is sensitive data) in the working directory when building your project.
 We recommend you add the auth token to your CI/CD environment as an environment variable.
 
 <OrgAuthTokenNote />
@@ -96,7 +96,6 @@ SENTRY_AUTH_TOKEN=___ORG_AUTH_TOKEN___
 
 Register the Sentry Webpack plugin in your `webpack.config.js`:
 
-
 ```javascript {filename:webpack.config.js}
 const { sentryWebpackPlugin } = require("@sentry/webpack-plugin");
 
@@ -133,8 +132,8 @@ We recommend running a production build to test your implementation.
 
 <Alert>
   Generating sourcemaps may expose them to the public, potentially causing your
-  source code to be leaked. You can prevent this by configuring your server to deny access to `.js.map` files, or by
-  using [Sentry Webpack Plugin's
+  source code to be leaked. You can prevent this by configuring your server to
+  deny access to `.js.map` files, or by using [Sentry Webpack Plugin's
   `sourcemaps.filesToDeleteAfterUpload`](https://www.npmjs.com/package/@sentry/webpack-plugin#sourcemapsfilestodeleteafterupload)
   option to delete source maps after they've been uploaded to Sentry.
 </Alert>

docs/platforms/javascript/common/sourcemaps/uploading/esbuild.mdx

@@ -42,7 +42,7 @@ To upload source maps you have to configure an [Organization Auth Token](https:/
 
 Alternatively, you can also use a [User Auth Token](https://sentry.io/orgredirect/organizations/:orgslug/settings/account/api/auth-tokens/), with the "Project: Read & Write" and "Release: Admin" permissions.
 
-Auth tokens can be passed to the plugin explicitly with the `authToken` option, with a `SENTRY_AUTH_TOKEN` environment variable, or with an `.env.sentry-build-plugin` file in the working directory when building your project.
+Auth tokens can be passed to the plugin explicitly with the `authToken` option, with a `SENTRY_AUTH_TOKEN` environment variable, or with an `.env.sentry-build-plugin` file (don't forget to add it to your `.gitignore` file, as this is sensitive data) in the working directory when building your project.
 We recommend you add the auth token to your CI/CD environment as an environment variable.
 
 Learn more about configuring the plugin in our [Sentry esbuild Plugin documentation](https://www.npmjs.com/package/@sentry/esbuild-plugin).
@@ -55,7 +55,6 @@ SENTRY_AUTH_TOKEN=___ORG_AUTH_TOKEN___
 
 Example:
 
-
 ```javascript {filename:esbuild.config.js}
 const { sentryEsbuildPlugin } = require("@sentry/esbuild-plugin");
 
@@ -74,8 +73,8 @@ require("esbuild").build({
 
 <Alert>
   Generating sourcemaps may expose them to the public, potentially causing your
-  source code to be leaked. You can prevent this by configuring your server to deny access to `.js.map` files, or by
-  using [Sentry Esbuild Plugin's
+  source code to be leaked. You can prevent this by configuring your server to
+  deny access to `.js.map` files, or by using [Sentry Esbuild Plugin's
   `sourcemaps.filesToDeleteAfterUpload`](https://www.npmjs.com/package/@sentry/esbuild-plugin#sourcemapsfilestodeleteafterupload)
   option to delete source maps after they've been uploaded to Sentry.
 </Alert>

docs/platforms/javascript/common/sourcemaps/uploading/rollup.mdx

@@ -42,7 +42,7 @@ To upload source maps you have to configure an [Organization Auth Token](https:/
 
 Alternatively, you can also use a [User Auth Token](https://sentry.io/orgredirect/organizations/:orgslug/settings/account/api/auth-tokens/), with the "Project: Read & Write" and "Release: Admin" permissions.
 
-Auth tokens can be passed to the plugin explicitly with the `authToken` option, with a `SENTRY_AUTH_TOKEN` environment variable, or with an `.env.sentry-build-plugin` file in the working directory when building your project.
+Auth tokens can be passed to the plugin explicitly with the `authToken` option, with a `SENTRY_AUTH_TOKEN` environment variable, or with an `.env.sentry-build-plugin` file (don't forget to add it to your `.gitignore` file, as this is sensitive data) in the working directory when building your project.
 We recommend you add the auth token to your CI/CD environment as an environment variable.
 
 Learn more about configuring the plugin in our [Sentry Rollup Plugin documentation](https://www.npmjs.com/package/@sentry/rollup-plugin).
@@ -55,7 +55,6 @@ SENTRY_AUTH_TOKEN=___ORG_AUTH_TOKEN___
 
 Example:
 
-
 ```javascript {filename:rollup.config.js}
 import { sentryRollupPlugin } from "@sentry/rollup-plugin";
 
@@ -76,8 +75,8 @@ export default {
 
 <Alert>
   Generating sourcemaps may expose them to the public, potentially causing your
-  source code to be leaked. You can prevent this by configuring your server to deny access to `.js.map` files, or by
-  using [Sentry Rollup Plugin's
+  source code to be leaked. You can prevent this by configuring your server to
+  deny access to `.js.map` files, or by using [Sentry Rollup Plugin's
   `sourcemaps.filesToDeleteAfterUpload`](https://www.npmjs.com/package/@sentry/rollup-plugin#sourcemapsfilestodeleteafterupload)
   option to delete source maps after they've been uploaded to Sentry.
 </Alert>

docs/platforms/javascript/common/sourcemaps/uploading/vite.mdx

@@ -5,7 +5,9 @@ sidebar_order: 3
 ---
 
 <Note>
-This guide assumes you're using a Sentry **SDK version `7.47.0` or higher**. If you're on an older version and you want to upload source maps, we recommend upgrading your SDK to the newest version.
+  This guide assumes you're using a Sentry **SDK version `7.47.0` or higher**.
+  If you're on an older version and you want to upload source maps, we recommend
+  upgrading your SDK to the newest version.
 </Note>
 
 You can use the Sentry Vite plugin to automatically create releases and upload source maps to Sentry when bundling your app.
@@ -40,7 +42,7 @@ To upload source maps you have to configure an [Organization Auth Token](https:/
 
 Alternatively, you can also use a [User Auth Token](https://sentry.io/orgredirect/organizations/:orgslug/settings/account/api/auth-tokens/), with the "Project: Read & Write" and "Release: Admin" permissions.
 
-Auth tokens can be passed to the plugin explicitly with the `authToken` option, with a `SENTRY_AUTH_TOKEN` environment variable, or with an `.env.sentry-build-plugin` file in the working directory when building your project.
+Auth tokens can be passed to the plugin explicitly with the `authToken` option, with a `SENTRY_AUTH_TOKEN` environment variable, or with an `.env.sentry-build-plugin` file (don't forget to add it to your `.gitignore` file, as this is sensitive data) in the working directory when building your project.
 We recommend you add the auth token to your CI/CD environment as an environment variable.
 
 Learn more about configuring the plugin in our [Sentry Vite Plugin documentation](https://www.npmjs.com/package/@sentry/vite-plugin).
@@ -53,7 +55,6 @@ SENTRY_AUTH_TOKEN=___ORG_AUTH_TOKEN___
 
 Example:
 
-
 ```javascript {filename:vite.config.js}
 import { defineConfig } from "vite";
 import { sentryVitePlugin } from "@sentry/vite-plugin";
@@ -74,9 +75,11 @@ export default defineConfig({
 ```
 
 <Alert>
-  Generating sourcemaps may expose them to the public, potentially causing your source code to be leaked. You can prevent this by configuring your server to deny access to `.js.map` files, or by
-  using [Sentry Vite Plugin's
-  `sourcemaps.filesToDeleteAfterUpload`](https://www.npmjs.com/package/@sentry/vite-plugin#sourcemapsfilestodeleteafterupload) option to delete source maps after they've been uploaded to Sentry.
+  Generating sourcemaps may expose them to the public, potentially causing your
+  source code to be leaked. You can prevent this by configuring your server to
+  deny access to `.js.map` files, or by using [Sentry Vite Plugin's
+  `sourcemaps.filesToDeleteAfterUpload`](https://www.npmjs.com/package/@sentry/vite-plugin#sourcemapsfilestodeleteafterupload)
+  option to delete source maps after they've been uploaded to Sentry.
 </Alert>
 
 <Note>

docs/platforms/javascript/common/sourcemaps/uploading/webpack.mdx

@@ -41,7 +41,7 @@ To upload source maps you have to configure an [Organization Auth Token](https:/
 
 Alternatively, you can also use a [User Auth Token](https://sentry.io/orgredirect/organizations/:orgslug/settings/account/api/auth-tokens/), with the "Project: Read & Write" and "Release: Admin" permissions.
 
-Auth tokens can be passed to the plugin explicitly with the `authToken` option, with a `SENTRY_AUTH_TOKEN` environment variable, or with an `.env.sentry-build-plugin` file in the working directory when building your project.
+Auth tokens can be passed to the plugin explicitly with the `authToken` option, with a `SENTRY_AUTH_TOKEN` environment variable, or with an `.env.sentry-build-plugin` file (don't forget to add it to your `.gitignore` file, as this is sensitive data) in the working directory when building your project.
 We recommend you add the auth token to your CI/CD environment as an environment variable.
 
 Learn more about configuring the plugin in our [Sentry webpack plugin documentation](https://www.npmjs.com/package/@sentry/webpack-plugin).
@@ -54,7 +54,6 @@ SENTRY_AUTH_TOKEN=___ORG_AUTH_TOKEN___
 
 <PlatformSection notSupported={["javascript.gatsby"]}>
 
-
 And the following webpack config:
 
 ```javascript {filename:webpack.config.js}
@@ -80,7 +79,6 @@ module.exports = {
 
 Add the following to your `gatsby-node.js` file:
 
-
 ```javascript {filename:gatsby-node.js}
 const { sentryWebpackPlugin } = require("@sentry/webpack-plugin");
 
@@ -101,8 +99,8 @@ exports.onCreateWebpackConfig = ({ actions }) => {
 
 <Alert>
   Generating sourcemaps may expose them to the public, potentially causing your
-  source code to be leaked. You can prevent this by configuring your server to deny access to `.js.map` files, or by
-  using [Sentry Webpack Plugin's
+  source code to be leaked. You can prevent this by configuring your server to
+  deny access to `.js.map` files, or by using [Sentry Webpack Plugin's
   `sourcemaps.filesToDeleteAfterUpload`](https://www.npmjs.com/package/@sentry/webpack-plugin#sourcemapsfilestodeleteafterupload)
   option to delete source maps after they've been uploaded to Sentry.
 </Alert>