Section titled Configuration filesConfiguration files
Once you add your bot to a server, the next step is to start coding and get it online! Let's start by creating a config file to prepare the necessary values your client will need.
As explained in the "What is a token, anyway?" section, your token is essentially your bot's password, and you should protect it as best as possible. This can be done through a config.json file or by using environment variables.
Open your application in the Discord Developer Portal and go to the "Bot" page to copy your token.
Section titled Using config.jsonUsing config.json
Storing data in a config.json file is a common way of keeping your sensitive values safe. Create a config.json file in your project directory and paste in your token. You can access your token inside other files by importing this file.
If you're using Git, you should not commit this file and should ignore it via .gitignore.
Section titled Using environment variablesUsing environment variables
Environment variables are special values for your environment (e.g., terminal session, Docker container, or environment variable file). You can pass these values into your code's scope so that you can use them.
One way to pass in environment variables is via the command line interface. When starting your app, instead of node index.js, use TOKEN=your-token-goes-here node index.js. You can repeat this pattern to expose other values as well.
You can access the set values in your code via the process.env global variable, accessible in any file. Note that values passed this way will always be strings and that you might need to parse them to a number, if using them to do calculations.
Section titled Using dotenvUsing dotenv
Another common approach is storing these values in a .env file. This spares you from always copying your token into the command line. Each line in a .env file should hold a KEY=value pair.
You can use the dotenv package for this. Once installed, require and use the package to load your .env file and attach the variables to process.env:
If you're using Git, you should not commit this file and should ignore it via .gitignore.
While we generally do not recommend using online editors as hosting solutions, but rather invest in a proper virtual private server, these services do offer ways to keep your credentials safe as well! Please see the respective service's documentation and help articles for more information on how to keep sensitive values safe:
- Glitch: Storing secrets in .env
- Heroku: Configuration variables
- Replit: Secrets and environment variables
Section titled Git and .gitignoreGit and .gitignore
Git is a fantastic tool to keep track of your code changes and allows you to upload progress to services like GitHub, GitLab, or Bitbucket. While this is super useful to share code with other developers, it also bears the risk of uploading your configuration files with sensitive values!
You can specify files that Git should ignore in its versioning systems with a*.gitignore* file. Create a .gitignore file in your project directory and add the names of the files and folders you want to ignore:
_10node_modules_10.env_10config.json
Aside from keeping credentials safe, node_modules should be included here. Since this directory can be restored based on the entries in your package.json and package-lock.json files by running npm install, it does not need to be included in Git.
You can specify quite intricate patterns in .gitignore files, check out the Git documentation on .gitignore for more information!