securing discord bot token on repl.it
I went through random tutorials on repl.it recently, actually I'm more interested into discord.py so I went through random posts and profiles and ofcourse the projects(Yeah me stalky).
So yeah I figured I learn new stuff from random projects, but, looking at few discord.py bot source codes on repl.it, I found numerous projects where the token was simply left in the main.py file, and putting token somewhere it's publicly accessible, is not good for your bot and it also endangers all those servers your bot's in and has some permissions.
The token is the key to complete access to a Discord Bot. You must not leave it in any file that can be accessed publicly. Not just the Discord Bot token, any sort of authorization token or any API keys you use in your projects. DO NOT store them in files that can be seen and read by everyone.
So now the question may arise,
Simple answer? Use
You can simply put the token in an
.env file. And no, the
.env file is simply hidden from the public, only people who will be able to access it and read its content are you and the people you give editor access to.
For example, The token for my bot is
Now I may use
which would be totally stupid since I'm revealing the token and almost like writing there "Come missuse my bot to raid servers where it has permissions to Administrate/manage/kick/ban".
We certainly don't want that to happen, do we?
So I create a new file, named
.env, and inside it, I enter
Now in the main.py file, I'll import the
os library, we'll now grab whatever content the
TOKEN variable stores in the
.env file, and we'll store it in another variable called
token in the main.py file.
token = os.environ.get("TOKEN") bot.run(token)
Now the token is stored in a file which is completely hidden from public, and only you and your other fellow editors can access this file.
So here comes the moment where I'm supposed to beg for upvotes?
Actually, No, Only upvote this, if I was able to help you in any manner possible, else don't.
I literally want to see how many people I helped with this post, I dunno if this sounds rude to you, but even it stays at 0 upvotes, I'd like it enough. I just want to see if I was able to stop some bots from getting missused, their permissions in servers getting abused or some servers getting raided, mass mentioned, mass banned/kicked. I'd be happier if I was able to prevent that from happeneing for people.
great! ive always stored my token in a
.env file though, liking your tutorials!
Have you created any discord bots?