Where are secrets kept in Telegram Bots?
Question:
I’m developing a Telegram Bot which will make HTTP request to an external API which requires an API key.
Is there a special place wherein secrets like this should be kept in Telegram Bots? The one that Telegram API or SDK may provide?
Or is it normal to store them in the source code hardcoded?
Answers:
Do not store them in the source code, if you send that code to somebody later, you might forget to remove the key.
Instead, put it in a .env
file, and load it into memory using os.environ
.
How the contents of .env
could look like:
API_KEY=SECRET_HERE123
from dotenv import load_dotenv
import os
load_dotenv()
print(os.environ["API_KEY"])
I’m developing a Telegram Bot which will make HTTP request to an external API which requires an API key.
Is there a special place wherein secrets like this should be kept in Telegram Bots? The one that Telegram API or SDK may provide?
Or is it normal to store them in the source code hardcoded?
Do not store them in the source code, if you send that code to somebody later, you might forget to remove the key.
Instead, put it in a .env
file, and load it into memory using os.environ
.
How the contents of .env
could look like:
API_KEY=SECRET_HERE123
from dotenv import load_dotenv
import os
load_dotenv()
print(os.environ["API_KEY"])