Section titled Configuration filesConfiguration files

Once you add your bot to a server, the next step is to start coding and get it online! Let's start by creating a config file to prepare the necessary values your client will need.

As explained in the "What is a token, anyway?" section, your token is essentially your bot's password, and you should protect it as best as possible. This can be done through a config.json file or by using environment variables.

Open your application in the Discord Developer Portal and go to the "Bot" page to copy your token.

Section titled Using config.jsonUsing config.json

Storing data in a config.json file is a common way of keeping your sensitive values safe. Create a config.json file in your project directory and paste in your token. You can access your token inside other files by importing this file.

config.json

index.js

{
	"token": "your-token-goes-here"
}

If you're using Git, you should not commit this file and should ignore it via .gitignore.

Danger

Section titled Using environment variablesUsing environment variables

Environment variables are special values for your environment (e.g., terminal session, Docker container, or environment variable file). You can pass these values into your code's scope so that you can use them.

One way to pass in environment variables is via the command line interface. When starting your app, instead of node index.js, use TOKEN=your-token-goes-here node index.js. You can repeat this pattern to expose other values as well.

You can access the set values in your code via the process.env global variable, accessible in any file. Note that values passed this way will always be strings and that you might need to parse them to a number, if using them to do calculations.

Shell

index.js

A=123 B=456 DISCORD_TOKEN=your-token-goes-here node index.js

Section titled Using dotenvUsing dotenv

Another common approach is storing these values in a .env file. This spares you from always copying your token into the command line. Each line in a .env file should hold a KEY=value pair.

You can use the dotenv package for this. Once installed, require and use the package to load your .env file and attach the variables to process.env:

npm

yarn

pnpm

npm install dotenv

.env

index.js

A=123
B=456
DISCORD_TOKEN=your-token-goes-here

If you're using Git, you should not commit this file and should ignore it via .gitignore.

Danger

While we generally do not recommend using online editors as hosting solutions, but rather invest in a proper virtual private server, these services do offer ways to keep your credentials safe as well! Please see the respective service's documentation and help articles for more information on how to keep sensitive values safe:

Glitch: Storing secrets in .env
Heroku: Configuration variables
Replit: Secrets and environment variables

Online editors (Glitch, Heroku, Replit, etc.)

Section titled Git and .gitignoreGit and .gitignore

Git is a fantastic tool to keep track of your code changes and allows you to upload progress to services like GitHub, GitLab, or Bitbucket. While this is super useful to share code with other developers, it also bears the risk of uploading your configuration files with sensitive values!

You can specify files that Git should ignore in its versioning systems with a*.gitignore* file. Create a .gitignore file in your project directory and add the names of the files and folders you want to ignore:

node_modules
.env
config.json

Aside from keeping credentials safe, node_modules should be included here. Since this directory can be restored based on the entries in your package.json and package-lock.json files by running npm install, it does not need to be included in Git.

You can specify quite intricate patterns in .gitignore files, check out the Git documentation on .gitignore for more information!

Tip