I’m currently making a Mastodon bot, and I’m not entirely sure how to host it, like where do I ensure the API access tokens and such aren’t at risk of public view. I’ve made sure, and I haven’t pushed yet, but I’ve ensured that .env is inside .gitignore. I’m just unsure, and would love some help. This is just a little project I found on GitHub, and thought I might as well learn a few things about how things like this are developed.
Store the access token in an environment variable instead of a file. Not sure which language you are using, but for my bot I have this Python code to retrieve the token, which is stored in the MASTODON_TOKEN environment var.
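```python
import logging
import os
import sys

TOKEN_ENVIRON_VAR = 'MASTODON_TOKEN'


def get_auth_token():
    '''Fetches the auth token from the env var.'''
    try:
        # A missing variable raises KeyError; an empty one raises ValueError.
        token = os.environ[TOKEN_ENVIRON_VAR].strip()
        if not token:
            raise ValueError()
        return token
    except Exception as e:
        # Log the failure (never the token itself) and stop the bot.
        logging.error('Unable to get the auth token for Mastodon')
        logging.error(e, exc_info=True)
        sys.exit(-1)
```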
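An added example, not part of the answer above or of any project's code: a check to run before pushing that reads the values in .env and reports any other file in the project that contains one of them. The helper names, the sample files and the sample token are constructed for illustration.

```python
import tempfile
from pathlib import Path


def parse_dotenv(path):
    """Return {name: value} from a simple KEY=VALUE .env file."""
    values = {}
    for line in Path(path).read_text(encoding="utf-8").splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        name, _, value = line.partition("=")
        name = name.strip().removeprefix("export ").strip()
        value = value.strip().strip("'\"")
        if value:
            values[name] = value
    return values


def find_leaks(root, secrets, skip=(".env", ".git")):
    """List (file, secret name) pairs where a secret value appears under root."""
    root = Path(root)
    leaks = []
    for path in sorted(root.rglob("*")):
        rel = path.relative_to(root)
        if not path.is_file() or rel.parts[0] in skip:
            continue
        text = path.read_text(encoding="utf-8", errors="ignore")
        for name, value in secrets.items():
            # Ignore very short values, which would match unrelated text.
            if len(value) >= 8 and value in text:
                leaks.append((rel.as_posix(), name))
    return leaks


def demo():
    """Build a constructed project tree and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        # Constructed sample values, not real credentials.
        (root / ".env").write_text("# bot config\nMASTODON_TOKEN='constructed-token-123'\n")
        (root / "bot.py").write_text("import os\ntoken = os.environ['MASTODON_TOKEN']\n")
        (root / "notes.md").write_text("debug: used constructed-token-123 in curl\n")
        secrets = parse_dotenv(root / ".env")
        return secrets, find_leaks(root, secrets)


if __name__ == "__main__":
    print(demo())
```

The scan only catches the literal value in the working tree; a token that was ever committed should be revoked and regenerated rather than just deleted from the file.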
I think I am storing it in Railway as well as a .env file. I gitignored the .env file so it would be hidden, just in case for some reason Railway didn’t get what I meant by storing the Mastodon credentials.
The main thing that I’m having trouble with now is the Mastodon GUI. It doesn’t let me save what I do; for example, when I go and add the specific scopes of my bot and hit Save, Mastodon doesn’t save it.
My dad did tell me something about maybe it’s a database that’s not working correctly when, I guess, a click event or something?
This is all on the mastodon.social instance.