Skip to content
securing discord bot token on
Profile icon

I went through random tutorials on recently, actually I'm more interested into so I went through random posts and profiles and ofcourse the projects(Yeah me stalky).

So yeah I figured I learn new stuff from random projects, but, looking at few bot source codes on, I found numerous projects where the token was simply left in the file, and putting token somewhere it's publicly accessible, is not good for your bot and it also endangers all those servers your bot's in and has some permissions.

The token is the key to complete access to a Discord Bot. You must not leave it in any file that can be accessed publicly. Not just the Discord Bot token, any sort of authorization token or any API keys you use in your projects. DO NOT store them in files that can be seen and read by everyone.

So now the question may arise,

Where to store the token?

Simple answer? Use .env files.
You can simply put the token in an .env file. And no, the .env file is simply hidden from the public, only people who will be able to access it and read its content are you and the people you give editor access to.

For example, The token for my bot is abcdefg.
Now I may use"abcdefg")

which would be totally stupid since I'm revealing the token and almost like writing there "Come missuse my bot to raid servers where it has permissions to Administrate/manage/kick/ban".

We certainly don't want that to happen, do we?

So I create a new file, named .env, and inside it, I enter


Now in the file, I'll import the os library,

import os

Using the os library, we'll now grab whatever content the TOKEN variable stores in the .env file, and we'll store it in another variable called token in the file.

token = os.environ.get("TOKEN")

And Voila!!

Now the token is stored in a file which is completely hidden from public, and only you and your other fellow editors can access this file.

So here comes the moment where I'm supposed to beg for upvotes?

Actually, No, Only upvote this, if I was able to help you in any manner possible, else don't.
I literally want to see how many people I helped with this post, I dunno if this sounds rude to you, but even it stays at 0 upvotes, I'd like it enough. I just want to see if I was able to stop some bots from getting missused, their permissions in servers getting abused or some servers getting raided, mass mentioned, mass banned/kicked. I'd be happier if I was able to prevent that from happeneing for people.

Thank you!

You are viewing a single comment. View All
Profile icon

oh ok thanks