If you want to use a variable on the client-side during runtime, you need to make it public. The client-side needs to see the DSN to know where to send the errors to.

Your frontend is always public. As soon as you open the browser inspection tools, you are able to see the (minified) code, the network requests etc.

Just make sure to keep your Sentry Auth Token secret - this one is only used during build time.