I’m currently making a Mastodon bot, and I’m not entirely sure how to host it, like where do I ensure the API access tokens and such aren’t at risk of public view.

I’ve made sure, and I haven’t pushed yet, but I’ve ensured that .env is inside .gitignore. I’m just unsure, and would love some help. This is just a little project I found on GitHub, and I thought I might as well learn a few things about how things like this are developed.

  • BusyBoy@trepa.me
    2 days ago

    Store the access token in an environment variable instead of a file. Not sure which language you are using, but for my bot I have this Python code to retrieve the token, which is stored in the MASTODON_TOKEN environment var.

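    import logging
    import os
    import sys

    # Name of the environment variable that holds the access token.
    TOKEN_ENVIRON_VAR = 'MASTODON_TOKEN'


    def get_auth_token():
        '''Fetches the auth token from the env var.'''
        try:
            # A KeyError here means the variable is not set at all.
            token = os.environ[TOKEN_ENVIRON_VAR].strip()
            if not token:
                # Treat an empty or whitespace-only value as missing.
                raise ValueError()
            return token
        except Exception as e:
            # Log the failure (never the token itself) and stop the bot.
            logging.error('Unable to get the auth token for Mastodon')
            logging.error(e, exc_info=True)
            sys.exit(-1)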
    
    • Billie Eilish FanOP
      3 hours ago

      I think I am storing it in Railway as well as a .env file. I gitignored the .env file so it would be hidden, just in case for some reason Railway didn’t get what I meant by storing the Mastodon credentials.

      The main thing that I’m having trouble with now is the Mastodon GUI. It doesn’t let me save what I do. For example, when I go and add the specific scopes of my bot and hit Save, Mastodon doesn’t save it.

      My dad did tell me something about maybe it’s a database that’s not working correctly when, I guess, a click event or something?

      This is all on the mastodon.social instance.

  • nnullzz@lemmy.world
    7 days ago

    I’ve been using Netlify for smaller apps, but lately Railway has been my go-to. Pretty cheap too, and it covers mostly everything you’ll need to deploy an app regardless of language or framework. Their UI makes it all very easy to manage with the “nodes”.

    Both of those services (as do most) give you the option to load environment variables onto the app itself.

    So the process is normally this: You have env vars you’re using locally, like API tokens, that you’re putting in your .env during development. Now you’re ready to deploy. Because you’ve gitignored that file locally, you don’t have to worry about secrets being in your code base, but also, because they’re environment variables, your framework will see those variables available in the “box”.

    Ultimately, there’s no difference between having stuff in your local .env and injected by a service during deployment. Just make sure the env var keys are the same in each case.

    Hope that’s not too confusing. If so, I’m happy to clarify anything.

    EDIT: also wanna add that Supabase isn’t that bad. It helps you know exactly what you need it to provide for you and then start searching away to see how to slowly put together each of those pieces. With them, I usually start with the Auth stuff, then move on to my database and storage. Functions last if the project calls for them. There’s quite a bit of info out there if you know specifically what you’re wanting to solve at the moment.
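An added example, not code from any poster in this thread: one way to load the same key from either the host-injected environment or a local gitignored .env, with the injected value taking precedence and nothing secret written to logs. The helper names `parse_dotenv`, `load_secrets` and `redact` are hypothetical; only the `MASTODON_TOKEN` key name comes from the thread.

```python
import os
from pathlib import Path

REQUIRED_KEYS = ("MASTODON_TOKEN",)  # key name taken from the thread


def parse_dotenv(text):
    """Parse KEY=VALUE lines; skips blanks, comments and malformed lines."""
    values = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        if line.startswith("export "):
            line = line[len("export "):]
        key, _, value = line.partition("=")
        value = value.strip()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]  # drop matching surrounding quotes
        values[key.strip()] = value
    return values


def load_secrets(environ=None, dotenv_path=".env", required=REQUIRED_KEYS):
    """Injected environment variables win; .env only fills gaps locally."""
    environ = os.environ if environ is None else environ
    path = Path(dotenv_path)
    file_values = parse_dotenv(path.read_text()) if path.is_file() else {}
    secrets, missing = {}, []
    for key in required:
        value = (environ.get(key) or file_values.get(key) or "").strip()
        if value:
            secrets[key] = value
        else:
            missing.append(key)
    if missing:
        # Fail closed and report key names only, never values.
        raise RuntimeError("missing secrets: " + ", ".join(missing))
    return secrets


def redact(secret, keep=4):
    """Form that is safe to log: at most the last `keep` characters."""
    if len(secret) <= keep * 2:
        return "*" * len(secret)
    return "*" * (len(secret) - keep) + secret[-keep:]
```

On the hosting service no .env file exists, so `load_secrets()` reads only the injected variable; locally the same call falls back to the file.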

  • Billie Eilish FanOP
    7 days ago

    I was going to use Vercel, but that is more for web hosting (web apps), and Netlify. Supabase was my next big option, but I’m lost in that lol