Configuration files

Once you add your bot to a server, the next step is to start coding and get it online! Let's start by creating a config file for your client token and a main file for your bot application.

As explained in the "What is a token, anyway?" section, your token is essentially your bot's password, and you should protect it as best as possible. This can be done through a config.json file or by using environment variables.

Open your application in the Discord Developer Portalopen in new window and go to the "Bot" page to copy your token.

Using config.json

Storing data in a config.json file is a common way of keeping your sensitive values safe. Create a config.json file in your project directory and paste in your token. You can access your token inside other files by using require().

{
	"token": "your-token-goes-here"
}
1
2
3
const { token } = require('./config.json');

console.log(token);
1
2
3

DANGER

If you're using Git, you should not commit this file and should ignore it via .gitignore.

Using environment variables

Environment variables are special values for your environment (e.g., terminal session, Docker container, or environment variable file). You can pass these values into your code's scope so that you can use them.

One way to pass in environment variables is via the command line interface. When starting your app, instead of node index.js, use TOKEN=your-token-goes-here node index.js. You can repeat this pattern to expose other values as well.

You can access the set values in your code via the process.env global variable, accessible in any file. Note that values passed this way will always be strings and that you might need to parse them to a number, if using them to do calculations.

A=123 B=456 DISCORD_TOKEN=your-token-goes-here node index.js
console.log(process.env.A);
console.log(process.env.B);
console.log(process.env.DISCORD_TOKEN);
1
2
3

Using dotenv

Another common approach is storing these values in a .env file. This spares you from always copying your token into the command line. Each line in a .env file should hold a KEY=value pair.

You can use the dotenv packageopen in new window for this. Once installed, require and use the package to load your .env file and attach the variables to process.env:

npm install dotenv
yarn add dotenv
pnpm add dotenv
A=123
B=456
DISCORD_TOKEN=your-token-goes-here
1
2
3
const dotenv = require('dotenv');

dotenv.config();

console.log(process.env.A);
console.log(process.env.B);
console.log(process.env.DISCORD_TOKEN);
1
2
3
4
5
6
7

DANGER

If you're using Git, you should not commit this file and should ignore it via .gitignore.

Online editors (Glitch, Heroku, Replit, etc.)

While we generally do not recommend using online editors as hosting solutions, but rather invest in a proper virtual private server, these services do offer ways to keep your credentials safe as well! Please see the respective service's documentation and help articles for more information on how to keep sensitive values safe:

Git and .gitignore

Git is a fantastic tool to keep track of your code changes and allows you to upload progress to services like GitHubopen in new window, GitLabopen in new window, or Bitbucketopen in new window. While this is super useful to share code with other developers, it also bears the risk of uploading your configuration files with sensitive values!

You can specify files that Git should ignore in its versioning systems with a .gitignore file. Create a .gitignore file in your project directory and add the names of the files and folders you want to ignore:

node_modules
.env
config.json
1
2
3

TIP

Aside from keeping credentials safe, node_modules should be included here. Since this directory can be restored based on the entries in your package.json and package-lock.json files by running npm install, it does not need to be included in Git.

You can specify quite intricate patterns in .gitignore files, check out the Git documentation on .gitignoreopen in new window for more information!