Security has been our top priority over the last year, and we’re rolling out major improvements to account and project access tokens to bring Rollbar up to today’s security standards. Newly created tokens will be stored in an encrypted format, inaccessible via the UI or API after being created, and you will be able to manually encrypt your existing tokens. This change to token storage will give you more control over who can submit, access or update data in your system.
How are we improving token security?
Stronger Protection – Newly created tokens will now be encrypted and will no longer be accessible via the UI or API after creation. When you generate a token, be sure to copy and store it securely: once you close the create token window, the token will be securely encrypted with no way to view it again.
Flexible Security Options – Choose between 512-bit tokens for maximum security or 128-bit tokens if you need to maintain compatibility with existing token lengths.
Updated Scope Rules – To enhance security, certain scopes on newly created tokens must now be kept separate: post_server_item and post_client_item can no longer be combined with other scopes. Your current tokens can remain in their current state, but we recommend that you create new tokens with separate scopes.
Encrypt Existing Tokens – You can immediately encrypt your tokens without making any changes to the tokens themselves or your code. The tokens will be updated to the new encrypted storage mechanism.
What do I need to do to increase security on my account?
Upgrade Existing Tokens – Want added security? You can encrypt your existing tokens with no code changes required. They’ll work just the same, but will be stored more securely within Rollbar and will no longer be visible via the UI and API. Project tokens can be encrypted individually or in bulk within each project. You may want to securely download and store your tokens before you encrypt them: once encrypted, you will not be able to view them again.
Create New Tokens – All new tokens will automatically be generated in the new secured format. You will see the token when it is created; after that, only a public identifier will be available. When you create new tokens, ensure you copy and store them securely, as they will only be visible once.
How does this impact my account?
No immediate action is needed – your existing tokens will remain unchanged and continue to work as usual. Existing tokens will still be visible in the UI and API, but any new tokens you create will follow the upgraded security process and be in the new format.
If you have any questions, feel free to contact our support team at [email protected] or visit our documentation for more details. Have a lot of projects? Contact our support team for help in using our bulk encryption process.
We’re committed to making Rollbar even more secure and reliable for you in 2025 and beyond as you hunt down bugs and achieve an error-free day. Thank you for being part of this journey. Exciting things lie ahead!