I’m currently making a Mastodon Bot, and I’m not entirely sure how to host it, like where do i ensure the API Access Token’s and such aren’t at risk of public view.
I’ve made sure, and I haven’t pushed yet, but I’ve ensured that .env is inside .gitignore. I’m just unsure, and would love some help. This is just a little project I found on GitHub, and thought I’d might as well learn a few things of how things like this are developed.
I’ve been using Netlify for smaller apps, but lately Railway has been my go to. Pretty cheap too and it covers mostly everything you’ll need to deploy app regardless of language or framework. Their UI makes it all very easy to manage with the “nodes”.
Both of those services (as do most) give you the option to load environment variables onto the app itself.
So the process is normally this: You have env vars you’re using locally like API tokens that you’re putting in your .env during development. Now you’re ready to deploy. Because you’ve gitignored that file locally, you don’t have to worry about secrets being in your code base, but also, because they’re environment variables, you’re framework will see those variables available in the “box”.
Ultimately, there’s no difference between having stuff in your local .env and injected by a service during deployment. Just make sure the env var keys are the same in each case.
Hope that’s not too confusing. If so, I’m happy to clarify anything.
EDIT: also wanna add that Supabase isn’t that bad. It helps you know exactly what you need it to provide for you and then start searching away to see how to slowly put together each of those pieces. With them, I usually start with the Auth stuff, then move on to my database and storage. Functions last if the project calls for them. There’s quite a bit of info out there if you know specifically what you’re wanting to solve at the moment.
Thanks!
I was going to use Vercel, but that is more for Web Hosting (Web apps), and NetLify. SupaBase was my next big option, but im lost in that lol