I am making an Economy Discord bot and I want to make the code open source. Currently, I have a private repo for the code. The bot is hosted on Heroku and is set so that whenever the "Master" branch updates, it auto-deploys the app. But there are 2 details that I don't want the open source repo to have: the bot's token and a server URL that is used to store users' data. I don't want the open source repo to have the server URL and the token.
Both the token and server URL are stored in a .JSON file which is accessed from the main index.js file. Here is what it looks like:
{
    "token": "Token_here",
    "server": "Server_URL_Here"
}
Is there a way to make it so that Heroku and I have access to the JSON file, but the people who are viewing the open source repo do not see the JSON file? Is this possible?
There are several alternatives, including "git-crypt"
Since you're using Heroku, this might be your best bet:
https://softwareengineering.stackexchange.com/a/182074/76526
The preferred method of keeping passwords/API keys secret on Heroku is to set config values via the Heroku command-line application. The following example is taken from a Heroku Dev Center article.
(The below example, and my entire answer relate to rails apps)
    $ cd myapp
    $ heroku config:add S3_KEY=8N029N81 S3_SECRET=9s83109d3+583493190
    Adding config vars and restarting myapp... done, v14
    S3_KEY: 8N029N81
    S3_SECRET: 9s83109d3+583493190
Then reference these config values in your code using the ENV[] variable:
    AWS::S3::Base.establish_connection!(
      :access_key_id     => ENV['S3_KEY'],
      :secret_access_key => ENV['S3_SECRET']
    )
This way your sensitive passwords are not stored in the git repository. (Note: When running the app locally, set these values in your .bashrc file.)
Also, I'm not sure what type of application you are running, but in Rails, Heroku does not use your database.yml file; it simply sets your database username/password according to your app settings. So you can avoid saving those credentials in git.
Also, also, if you are running your own application and want it to remain private, a great alternative to GitHub is Bitbucket, which offers free private repositories.
ADDENDUM:
It is working now. I had to use .env instead of .bashrc, and instead of ENV I had to use process.env.TOKEN. Also, I had to use the dotenv module at the start of the file (npmjs.com/package/dotenv). – Coder Gautam YT
OK, I created a .bashrc file for local testing.
It looks like:
TOKEN="tokenhere"
But when I refer to it in code:
client.login(ENV[token])
I get "ENV is not defined".
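The setup the answer and the follow-up comment arrive at (Heroku config vars in production, an untracked .env locally, values read through process.env), sketched for Node as an added example that is not code from the original post or answers. The SERVER_URL name, the https requirement and the helper names are assumptions; the small parser stands in for the dotenv module so the block runs without dependencies.

```javascript
// Added example: SERVER_URL and the helper names are assumptions; TOKEN is
// the variable named in the comments above. On Heroku the values come from
// config vars; locally the dotenv module loads them from an untracked .env.

// Minimal KEY=value parser, only to show what a .env file holds.
function parseDotenv(text) {
  const out = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith('#')) continue;   // skip blanks and comments
    const eq = line.indexOf('=');
    if (eq < 1) continue;                          // not a KEY=value line
    let value = line.slice(eq + 1).trim();
    const quoted = value.match(/^(["'])(.*)\1$/);  // strip matching quotes
    if (quoted) value = quoted[2];
    out[line.slice(0, eq).trim()] = value;
  }
  return out;
}

// Template values seen in the post; treat them as "not configured".
const PLACEHOLDERS = new Set(['', 'Token_here', 'Server_URL_Here', 'tokenhere']);

// Fail at startup instead of calling client.login(undefined).
function loadConfig(env = process.env) {
  const missing = ['TOKEN', 'SERVER_URL'].filter(
    (name) => env[name] === undefined || PLACEHOLDERS.has(env[name].trim())
  );
  if (missing.length > 0) {
    throw new Error(`Missing config vars: ${missing.join(', ')}`);
  }
  const url = new URL(env.SERVER_URL);             // throws on a malformed URL
  // Assumption: the data server is reached over HTTPS.
  if (url.protocol !== 'https:') throw new Error('SERVER_URL must use https');
  return Object.freeze({ token: env.TOKEN, server: url.href });
}

// Loggable view: shows that each value is set without printing it.
function redact(config) {
  return Object.fromEntries(
    Object.entries(config).map(([k, v]) => [k, `[set, ${v.length} chars]`])
  );
}

// Constructed sample .env content (not a real token or server).
const SAMPLE_ENV =
  'TOKEN="constructed-sample-token-1234"\nSERVER_URL=https://data.example.invalid/users\n';
const config = loadConfig(parseDotenv(SAMPLE_ENV));
console.log(redact(config)); // the bot would then call client.login(config.token)
```

For this to keep the values out of the public repo, .env has to be listed in .gitignore before the first commit; the same names are set on Heroku with the config command shown in the answer.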