Methods to hide your bot's token - discordrb/discordrb GitHub Wiki

Don't share your bot's token with anyone!

Your application's token is essentially the password to your bot's account. If this token is shared publicly, then anyone can log into your bot's account and do whatever they like with it.

It is strongly recommended that you take steps to hide your token when hosting an open-source bot on GitHub, or other public platforms, that can be viewed by anyone.

Below are several methods to do this.

1. Configatron

A super cool, simple, and feature rich configuration system for Ruby apps.

  • Add gem 'configatron' to your Gemfile and run bundle install or run gem install configatron.
  • Create a File called example.config.rb and put following content in it: configatron.token = 'YOUR_TOKEN'.
  • Copy example.config.rb to config.rb and write your token in config.rb but not in example.config.rb.
  • Add config.rb to your so called .gitignore (This prevents git from tracking the file).
  • Add require 'configatron' and require_relative 'config.rb' on a new lines in your main project.

A bot init will look like the following:

require 'discordrb'
require 'configatron'
require_relative 'config.rb'

bot = Discordrb::Bot.new token: configatron.token

2. DotENV

Loads environment variables from .env

  • Add gem 'dotenv' to your Gemfile and run bundle install or run gem install dotenv
  • Create a File called .env
  • Edit .env and put your token with the following syntax in it: TOKEN=YOUR_TOKEN (no spaces)
  • Add .env to your .gitignore file (This prevents git from tracking the file).

A bot init will look like the following:

require 'discordrb'
require 'dotenv/load'
# or
# require 'dotenv'
# Dotenv.load

bot = Discordrb::Bot.new token: ENV['TOKEN']

3. YAML

YAML files are simple text files for storing data in a simple, human-readable format.

You should already have YAML parser; it is part of Ruby.

  • Create a file named example.config.yaml with the following content:
---
token: YOUR_TOKEN
  • copy example.config.yaml to config.yaml and insert your own token for YOUR_TOKEN
  • Add config.yaml to your .gitignore file (This prevents git from tracking the file).

A bot init will look like the following:

require 'discordrb'
require 'yaml'

CONFIG = YAML.load_file('config.yaml')
bot = Discordrb::Bot.new token: CONFIG['token']