search

Glayson0 / Nova-bot

Um bot do Telegram para passar informações da Unicamp como horário dos onibus e do bandeco
3 stars 0 forks source link

Separate API token into files (Optional) #26

Open Sergio-Daniel-Pires opened 1 month ago

Sergio-Daniel-Pires commented 1 month ago
  1. Search about environment variables
  2. Set API token as env var
  3. Split into two tokens, Dev token (everyone can see, new bot, only for tests, can have some bugs) and Production token (bot for users, no bugs here)
  4. Save DEV API token as env var and loads when python needs.
  5. Save PROD API token as github secret (only deploy will see)
yellowisk commented 1 month ago

Should we hide the .env file using .gitignore?

Sergio-Daniel-Pires commented 1 month ago

You need .env file for Common .env things, like database connections, bot name, production label (prod or Dev), but you need to separate sensitive data like password and Secrets. Working on a real projects, we use "Github Secrets" for overwrite .env on build, but for now you Just need a separated file: .env (normal env, not Secrets) secret.env (or other name, for Secrets things) And create a python file to get secrets, like this: https://stackoverflow.com/questions/41546883/what-is-the-use-of-python-dotenv