diff --git a/.github/workflows/dogfood-deploy.yml b/.github/workflows/dogfood-deploy.yml
index 0bffe13913..0e20f801ed 100644
--- a/.github/workflows/dogfood-deploy.yml
+++ b/.github/workflows/dogfood-deploy.yml
@@ -27,6 +27,7 @@ env:
   TF_VAR_fleet_image: ${{ github.event.inputs.DOCKER_IMAGE || 'fleetdm/fleet:main' }}
   TF_VAR_fleet_license: ${{ secrets.DOGFOOD_LICENSE_KEY }}
   TF_VAR_slack_webhook: ${{ secrets.SLACK_G_HELP_P1_WEBHOOK_URL }}
+  TF_VAR_sentry_dsn: ${{ secrets.DOGFOOD_SENTRY_DSN }}
 
 permissions:
   id-token: write
diff --git a/infrastructure/dogfood/terraform/aws-tf-module/main.tf b/infrastructure/dogfood/terraform/aws-tf-module/main.tf
index e5828e833a..7162e5a63e 100644
--- a/infrastructure/dogfood/terraform/aws-tf-module/main.tf
+++ b/infrastructure/dogfood/terraform/aws-tf-module/main.tf
@@ -28,6 +28,8 @@ variable "fleet_license" {}
 variable "fleet_image" {
   default = "160035666661.dkr.ecr.us-east-2.amazonaws.com/fleet:1f68e7a5e39339d763da26a0c8ae3e459b2e1f016538d7962312310493381f7c"
 }
+variable "sentry_dsn" {
+}
 
 data "aws_caller_identity" "current" {}
 
@@ -42,6 +44,9 @@ locals {
     FLEET_VULNERABILITIES_DATABASES_PATH = "/home/fleet"
     FLEET_OSQUERY_ENABLE_ASYNC_HOST_PROCESSING = "false"
   }
+  sentry_secrets = {
+    SENTRY_DSN = "${aws_secretsmanager_secret.sentry.arn}:SENTRY_DSN::"
+  }
 }
 
 module "main" {
@@ -85,7 +90,7 @@ module "main" {
     extra_iam_policies = concat(module.firehose-logging.fleet_extra_iam_policies, module.osquery-carve.fleet_extra_iam_policies)
     extra_execution_iam_policies = concat(module.mdm.extra_execution_iam_policies)
     extra_environment_variables = merge(module.mdm.extra_environment_variables, module.firehose-logging.fleet_extra_environment_variables, module.osquery-carve.fleet_extra_environment_variables, local.extra_environment_variables)
-    extra_secrets = merge(module.mdm.extra_secrets)
+    extra_secrets = merge(module.mdm.extra_secrets, local.sentry_secrets)
   }
   alb_config = {
     name = local.customer
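Review bot: `variable "sentry_dsn" {}` in the @@ -28 hunk declares the DSN with no type, no description and no `sensitive` flag, so the value is printed in plan and CLI output wherever it is referenced outside an attribute the provider itself redacts. Declaring it as `type = string`, `sensitive = true` and `description = "Sentry DSN for the Fleet server, supplied via TF_VAR_sentry_dsn"` states the intent and keeps the value out of plan output. There is no default, and an empty TF_VAR_sentry_dsn (for example a missing repository secret) would presumably be accepted as an empty string and written as an empty SENTRY_DSN into the secret version added later in this diff; a `validation` block rejecting `length(var.sentry_dsn) == 0` would surface that at plan time instead.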
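Review bot: The `SENTRY_DSN = "${aws_secretsmanager_secret.sentry.arn}:SENTRY_DSN::"` entry in the @@ -42 hunk is an ECS JSON-key secret reference, so the task execution role must be allowed `secretsmanager:GetSecretValue` on that secret ARN or task startup fails; the @@ -85 hunk leaves `extra_execution_iam_policies` unchanged, and whether the upstream module grants access to every entry in `extra_secrets` is not visible here, so that is worth confirming. A comment on the local would help the next reader, e.g. `# ECS valueFrom format: <secret ARN>:<json key>:<version stage>:<version id>; empty trailing fields select the current version.` Note also that the reference depends only on the secret resource, not on `aws_secretsmanager_secret_version.sentry`, so a task rollout on the first apply could plausibly observe the secret before its value is written.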
@@ -141,6 +146,17 @@ resource "aws_route53_record" "main" {
   }
 }
 
+resource "aws_secretsmanager_secret" "sentry" {
+  name = "${local.customer}-sentry"
+}
+
+resource "aws_secretsmanager_secret_version" "sentry" {
+  secret_id = aws_secretsmanager_secret.sentry.id
+  secret_string = jsonencode({
+    SENTRY_DSN = var.sentry_dsn
+  })
+}
+
 module "migrations" {
   source = "github.com/fleetdm/fleet//terraform/addons/migrations?ref=main"
   ecs_cluster = module.main.byo-vpc.byo-db.byo-ecs.service.cluster
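Review bot: `resource "aws_secretsmanager_secret" "sentry"` sets only `name`, so the secret has no `description`, uses the default AWS-managed KMS key, and keeps the default 30-day recovery window; because the name is fixed to `${local.customer}-sentry`, a destroy followed by a re-apply inside that window fails on the name being scheduled for deletion unless `recovery_window_in_days` is set explicitly (0 permits immediate re-creation for a throwaway environment, at the cost of the undo window). Adding `description = "Sentry DSN consumed by the Fleet ECS task"` documents what the secret is for. The DSN passed through `aws_secretsmanager_secret_version.sentry` is also persisted in Terraform state; the backend configuration is outside this diff, so confirm the state is encrypted and access-restricted.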