Okay so you've probably considered making your bot open-source and that's fine but there's one thing EVERYONE should note before pushing their current progress to GitHub:
HIDE YOUR TOKENS. THESE ARE A KEY TO LOGGING IN AND INTERACTING WITH THE DISCORD API. DON'T GIVE IT TO ANYONE YOU DON'T TRUST, LET ALONE GITHUB.
- Create a config file (JSON is frequently used for bot configs, YAML also works) in the root (root meaning the base of the folder)
of your bot folder.
I'll use JSON to demonstrate:
Make a file called config.json
Put the following in your file:
{
"token": "YOUR_BOTS_TOKEN"
}
- Create a file on your repo called
.gitignore
, anything in this file (directory (folder) or file) will be ignored when pushing your code - Add
config.json
to the.gitignore
file - Push your code! No more leaked tokens, yay!
As a sidenote, this is how you'd utilize your newly-made config file:
(JavaScript used in example below, works for any language that supports JSON)
// Basic bot that utilizes the configuration file
const Discord = require('discord.js');
const client = new Discord.Client();
const config = require('./config.json');
// You could also use the following:
// const { token } = require('./config.json');
// client.login(token);
// Either works
client.on('ready', () => {
console.log('I am ready');
});
client.on('message', msg => {
if(msg.content === 'ping') {
msg.reply('pong');
}
});
client.login(config.token); // Logs in with the token you specified in config.json
Storing your bot's token as an environment variable also works
NEW Official repository for this Gist: https://github.com/missingbinaries/protecting-bot-tokens
any clues on how to do this with python?