Project Setup
Configuration files
Once you add your bot to a server, the next step is to start coding and get it online! Let's start by creating a config file for your client token and a main file for your bot application.
As explained in the "What is a token, anyway?" section, your token is essentially your bot's password, and you should protect it as best as possible. This can be done through a config.json file or by using environment variables.
Open your application in the Discord Developer Portal and go to the "Bot" page to copy your token.
Using config.json
Storing data in a config.json file is a common way of keeping your sensitive values safe. Create a config.json file in your project directory and paste in your token. You can access your token inside other files by using require().
{
"token": "your-token-goes-here"
}Danger
If you're using Git, you should not commit files containing secrets. Read on to find out how to exclude them from
versioning by using .gitignore.
Using environment variables
Environment variables are, as the name suggets, values you can pass to your environment (e.g. terminal session, Docker container, node process). This has the benefit that you can keep your code the same for different execution contexts.
A=Hello World
B=123
DISCORD_TOKEN=MTI3NDMxMjA3PDQ3ODIxNzIzNg.G6uEbl.IpA3-9YeScYr9pu9K1utMlpP4p-KJwNxcIAbi8Danger
If you're using Git, you should not commit .env or other environment files containing secrets. Read on to find out
how to exclude them from versioning by using .gitignore.
To use environment variables in Node.js, we recommend you use the command line interface flag --env-file to point to the .env file you want to use. Note that the file name .env is just a convention. You could for example have a .env.development and .env.production file with different values depending on the Discord application you want to run your code.
You can also read multiple environment files by using the --env-file flag multiple times.
node --env-file=.env index.js.env files automatically.The values you specify in .env files this way are exposed through the process.env global variable in any file. Note that values passed this way will always be strings. If you want to do calculations on environment numbers, you will have to parse them:
console.log(process.env.A);
console.log(process.env.B + 9); // 1239 (this concatenates the number to the string!)
console.log(Number(process.env.C) + 9); // 132
console.log(process.env.DISCORD_TOKEN);Online editors
While we generally do not recommend using online editors as hosting solutions, but rather invest in a proper virtual private server, these services do offer ways to keep your credentials safe as well! Please see the respective service's documentation and help articles for more information on how to keep sensitive values safe:
Glitch
Learn more about storing secrets in .env files using Glitch
Heroku
Learn more about configuration variables in Heroku
Replit
Learn more about secrets and environment variables in Replit
Git and .gitignore
Git is a fantastic tool to keep track of your code changes and allows you to upload progress to services like GitHub, GitLab, or Bitbucket. While this is super useful to share code with other developers, it also bears the risk of uploading your configuration files with sensitive values!
You can specify files that Git should ignore in its versioning systems with a .gitignore file. Create a .gitignore file in your project directory and add the names of the files and folders you want to ignore. The following example ignores the config.json and .env files as well as the node_modules directory:
node_modules
.env
config.json.gitignore files can specify intricate patterns and help with your general development flow. Apart from keeping your
credentials safe, you should exclude node_modules from version control as well, its contents can be restored from
the entries in your package.json and package-lock.json files.