
I want to run a Discord bot of mine on Heroku; however, I am scared that through misunderstanding how it works I will accidentally make my API keys publicly visible. Is there a best-practice solution that I could follow here?

This is what I would try:

  • Clone the git repo (the code there obviously having the API keys removed)
  • Manually add the keys without committing the changes
  • Push the code with the keys to the Heroku remote master

However, I am not 100% sure whether pushing the code with the keys to a remote master will be something that others could see, so I would rather be safe than sorry.

Flying Thunder
  • You can't push uncommitted code to a remote, so you'd have to make and then undo the commit. Instead you should [store config in the environment](https://12factor.net/config) and read it from there. – jonrsharpe Jul 23 '20 at 08:26
  • So instead of creating a .env and committing it without the keys, I should just not commit it at all and manually add it to the environment? Thanks, I'll have to check how to actually do that in Heroku, but it sounds good. – Flying Thunder Jul 23 '20 at 08:31
  • That's covered in https://devcenter.heroku.com/articles/config-vars - you can still have a `.env` to set those things in your dev environment. – jonrsharpe Jul 23 '20 at 08:33
  • https://stackoverflow.com/search?q=%5Bgit%5D+%5Bheroku%5D+password, https://stackoverflow.com/search?q=%5Bgit%5D+%5Bheroku%5D+secrets – phd Jul 23 '20 at 11:51
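
An added illustration of the approach suggested in the comments above (not code from the question, the commenters, or Heroku): a Python loader that reads the token from the process environment, which is where Heroku config vars appear, and falls back to an untracked local `.env` in development. The variable name `DISCORD_TOKEN`, the helper names, and Python as the bot's language are assumptions.

```python
import os
from pathlib import Path

TOKEN_VAR = "DISCORD_TOKEN"  # assumed name; use the key you set as a config var


def parse_dotenv(text):
    """Parse KEY=VALUE lines from .env content; skips blanks and # comments."""
    values = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        if line.startswith("export "):
            line = line[len("export "):]
        key, _, value = line.partition("=")
        value = value.strip()
        # Drop one pair of matching surrounding quotes, if present.
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "'\"":
            value = value[1:-1]
        values[key.strip()] = value
    return values


def load_token(environ=None, dotenv_path=".env"):
    """Return the token from the environment, else from a local .env file."""
    environ = os.environ if environ is None else environ
    token = environ.get(TOKEN_VAR, "").strip()
    if not token:
        path = Path(dotenv_path)
        if path.is_file():  # dev machine only; the file is never committed
            token = parse_dotenv(path.read_text(encoding="utf-8")).get(TOKEN_VAR, "")
    if not token:
        # Fail at startup, and keep secret material out of the error message.
        raise RuntimeError(f"{TOKEN_VAR} is not set; add it as a config var")
    return token


def redact(secret, keep=4):
    """Render a secret for logs: only the last few characters stay visible."""
    if len(secret) <= keep * 2:
        return "*" * len(secret)
    return "*" * (len(secret) - keep) + secret[-keep:]
```

With this layout the repository holds only the loader; the value itself is set once with `heroku config:set DISCORD_TOKEN=...`, and `.env` is listed in `.gitignore` so the development copy is never staged.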
