diff --git a/sysadmin/T3592-elastic-workers/worker/.gitignore b/sysadmin/T3592-elastic-workers/worker/.gitignore index a8cc11c..b687e2e 100644 --- a/sysadmin/T3592-elastic-workers/worker/.gitignore +++ b/sysadmin/T3592-elastic-workers/worker/.gitignore @@ -1,10 +1,11 @@ loader-bzr.staging.values.yaml loader-cvs.staging.values.yaml loader-git.staging.values.yaml loader-maven.staging.values.yaml loader-pypi.staging.values.yaml loader-svn.staging.values.yaml loader-npm.staging.values.yaml loader-git-metadata-fetcher-credentials.yaml amqp-access-credentials.yaml +loaders-git-sentry-secrets.yaml diff --git a/sysadmin/T3592-elastic-workers/worker/README.md b/sysadmin/T3592-elastic-workers/worker/README.md index c573cff..d2b99cc 100644 --- a/sysadmin/T3592-elastic-workers/worker/README.md +++ b/sysadmin/T3592-elastic-workers/worker/README.md 
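Review bot: The added entry `loaders-git-sentry-secrets.yaml` ignores only the git loader's Sentry secret file, so the same file created for any other loader type (for example a constructed `loaders-pypi-sentry-secrets.yaml`) stays trackable and could be committed with its DSN. The README hunk of this commit also spells the file two ways, `loader-$TYPE-sentry-secrets.yaml` in the comment list and `loaders-$TYPE-sentry-secrets.yaml` in the `cat` example, and only the second spelling matches this entry for `TYPE=git`. I would replace the line with a pattern such as `*-sentry-secrets.yaml`, which covers every loader type and both spellings, and settle on one name in the README.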
@@ -1,123 +1,136 @@ # Goal - autoscaling workers depending on repositories to load and allocated resources. # keda This uses KEDA - K(ubernetes) E(vents)-D(riven) A(utoscaling): ``` $ helm repo add kedacore https://kedacore.github.io/charts $ helm repo update swhworker@poc-rancher:~$ kubectl create namespace keda namespace/keda created swhworker@poc-rancher:~$ helm install keda kedacore/keda --namespace keda NAME: keda LAST DEPLOYED: Fri Oct 8 09:48:40 2021 NAMESPACE: keda STATUS: deployed REVISION: 1 TEST SUITE: None ``` source: https://keda.sh/docs/2.4/deploy/ # helm We use helm to ease the cluster application management. # Install Install the worker declaration from this directory in the cluster ``` $ export KUBECONFIG=export KUBECONFIG=staging-workers.yaml $ TYPE=git; REL=workers-$TYPE; \ helm install -f ./loader-$TYPE.staging.values.yaml $REL ../worker $ TYPE=pypi; REL=workers-$TYPE; \ helm install -f ./loader-$TYPE.staging.values.yaml $REL ../worker ``` Where: ``` $ cat ../loader-git.staging.values.yaml # Default values for worker. # This is a YAML-formatted file. # Declare variables to be passed into your templates. 
amqp: host: scheduler0.internal.staging.swh.network queue_threshold: 10 # spawn worker per increment of `value` messages queues: - swh.loader.git.tasks.UpdateGitRepository - swh.loader.git.tasks.LoadDiskGitRepository - swh.loader.git.tasks.UncompressAndLoadDiskGitRepository storage: host: storage1.internal.staging.swh.network loader: name: loaders type: git ``` # List List currently deployed applications: ``` $ helm list helm list NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION workers-bzr default 1 2022-04-29 12:59:32.111950055 +0200 CEST deployed worker-0.1.0 1.16.0 workers-git default 4 2022-04-29 12:50:12.322826487 +0200 CEST deployed worker-0.1.0 1.16.0 workers-pypi default 1 2022-04-29 12:51:22.506259018 +0200 CEST deployed worker-0.1.0 1.16.0 ``` # Upgrade When adapting the worker definition, you can apply the changes by upgrading the deployed application: ``` $ TYPE=git; REL=workers-$TYPE; \ helm upgrade -f ./loader-$TYPE.staging.values.yaml $REL ../worker ``` # Secrets The current work requires credentials (installed as secret within the cluster): - metadata fetcher credentials `metadata-fetcher-credentials` - amqp credentials `` More details describing the secrets: ``` $ kubectl describe secret metadata-fetcher-credentials ``` Installed through: + ``` +$ TYPE=git $ kubectl -f $SECRET_FILE apply -# for secret file in {loader-git-metadata-fetcher-credentials,amqp-access-credentials}.yaml -$ cat loader-git-metadata-fetcher-credentials.yaml +# for secret file in { +# loader-$TYPE-metadata-fetcher-credentials.yaml +# loader-$TYPE-sentry-secrets.yaml +# amqp-access-credentials.yaml +# } +$ cat loader-$TYPE-metadata-fetcher-credentials.yaml apiVersion: v1 kind: Secret metadata: name: metadata-fetcher-credentials type: Opaque stringData: data: | metadata_fetcher_credentials: github: github: - username: password: - ... 
$ cat amqp-access-credentials.yaml apiVersion: v1 kind: Secret metadata: name: amqp-access-credentials type: Opaque data: username: # output of: echo -n 'redacted-pass' | base64 password: - +$ cat loaders-$TYPE-sentry-secrets.yaml +apiVersion: v1 +kind: Secret +metadata: + name: loaders-$TYPE-sentry-secrets +type: Opaque +stringData: + sentry-dsn: https://@sentry.softwareheritage.org/8 ``` diff --git a/sysadmin/T3592-elastic-workers/worker/templates/deployment.yaml b/sysadmin/T3592-elastic-workers/worker/templates/deployment.yaml index 6924f45..b830ab2 100644 --- a/sysadmin/T3592-elastic-workers/worker/templates/deployment.yaml +++ b/sysadmin/T3592-elastic-workers/worker/templates/deployment.yaml 
@@ -1,78 +1,89 @@ --- apiVersion: apps/v1 kind: Deployment metadata: name: {{ .Values.loader.name }}-{{ .Values.loader.type }} labels: app: {{ .Values.loader.name }}-{{ .Values.loader.type }} spec: replicas: {{ .Values.swh.loader.replicas.min }} selector: matchLabels: app: {{ .Values.loader.name }}-{{ .Values.loader.type }} strategy: type: RollingUpdate rollingUpdate: maxSurge: 1 template: metadata: labels: app: {{ .Values.loader.name }}-{{ .Values.loader.type }} spec: containers: - name: loaders image: {{ .Values.swh.loader.image }}:{{ .Values.swh.loader.version }} imagePullPolicy: Always command: - /entrypoint.sh resources: requests: memory: "256Mi" cpu: "200m" limits: memory: "4000Mi" cpu: "1200m" lifecycle: preStop: exec: command: ["kill", "1"] env: - name: CONCURRENCY value: "1" - name: MAX_TASKS_PER_CHILD value: "5" - name: LOGLEVEL value: "INFO" - name: SWH_CONFIG_FILENAME # FIXME: built by entrypoint.sh, determine how to properly declare this value: /tmp/config.yml + - name: SWH_SENTRY_ENVIRONMENT + value: {{ .Values.sentry.environment }} + - name: SWH_MAIN_PACKAGE + value: {{ .Values.sentry.swhpackage }} + - name: SWH_SENTRY_DSN + valueFrom: + secretKeyRef: + name: {{ .Values.loader.name }}-{{ .Values.loader.type }}-sentry-secrets + key: sentry-dsn + # 'name' secret must exist & include key "sentry-dsn" + optional: false volumeMounts: - name: config mountPath: /etc/softwareheritage/config.yml subPath: config.yml readOnly: true - name: config mountPath: /entrypoint.sh subPath: entrypoint.sh readOnly: true - name: metadata-fetcher-credentials mountPath: /etc/credentials/metadata-fetcher readOnly: true - name: amqp-access-credentials mountPath: /etc/credentials/amqp readOnly: true - mountPath: /tmp name: tmp-volume volumes: - name: config configMap: name: {{ .Values.loader.name }}-{{ .Values.loader.type }} defaultMode: 0777 - name: tmp-volume emptyDir: {} - name: metadata-fetcher-credentials secret: secretName: metadata-fetcher-credentials - name: 
amqp-access-credentials secret: secretName: amqp-access-credentials diff --git a/sysadmin/T3592-elastic-workers/worker/values.yaml b/sysadmin/T3592-elastic-workers/worker/values.yaml index b42aa0e..2888b9d 100644 --- a/sysadmin/T3592-elastic-workers/worker/values.yaml +++ b/sysadmin/T3592-elastic-workers/worker/values.yaml @@ -1,21 +1,24 @@ # Default values for worker. # This is a YAML-formatted file. # Declare variables to be passed into your templates. amqp: host: amqp storage: host: swh-storage loader: name: loaders type: swh: loader: image: softwareheritage/loaders version: 2022-05-11 replicas: min: 1 max: 5 + +sentry: + environment: staging
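Review bot: The two new plain `value:` lines for `SWH_SENTRY_ENVIRONMENT` and `SWH_MAIN_PACKAGE` insert template output unquoted, and `.Values.sentry.swhpackage` has no default in the `values.yaml` hunk of this commit, which adds only `sentry.environment`. With the chart defaults that line would presumably render as an empty `value:`, which YAML reads as null rather than a string, so the worker would start with no package name for Sentry and nothing would flag it. I would write `value: {{ .Values.sentry.environment | quote }}` and `value: {{ required "sentry.swhpackage must be set" .Values.sentry.swhpackage | quote }}`, or add a `swhpackage` default to `values.yaml`. Keeping `optional: false` on the `secretKeyRef` is the right call, since a missing secret or key then blocks the container from starting instead of silently running without error reporting.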
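Review bot: Putting `environment: staging` into the chart-wide defaults means any release that does not override `sentry.environment` reports its events as staging, which would mislabel errors if this chart is ever installed for another environment. The per-deployment `loader-*.staging.values.yaml` files named in the `.gitignore` hunk look like the more natural home for this value, with the default here left unset and the template requiring it. If the default stays, a comment above the block such as `# Sentry tagging; override environment per deployment` would make that expectation visible to whoever reuses the chart.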