Do you store your Discord bot token in plaintext? Don't get caught with your pants down. Strap in!
Botstrap is a Python library suit of power armor that perfectly fits your
Discord bot. It offers:
- 🔐 Secure encryption and password protection to keep your bot tokens safe
- 🤹 A straightforward way to manage multiple tokens and/or bot configurations
- 🌈 An intuitive, colorful, and customizable command-line interface for your bot
- 🤝 Out-of-the-box compatibility with all of the most popular Python Discord libraries
- ... and more to come!
Python 3.10 or higher is required. It's also generally a good idea to upgrade pip
(python -m pip install -U pip
).
pip install -U botstrap
For additional/alternative installation instructions, see the documentation.
Coming soon! In the meantime, check out:
- The examples directory
- Starter bot templates for various Discord libraries
- And most importantly: The extremely detailed Botstrap API Reference
Adding one or both of Botstrap's pre-commit hooks to your git
workflow is an easy
and seamless way to improve the security of your codebase. (If you're unfamiliar with
pre-commit, here's its quickstart guide. Highly recommend!)
See below for descriptions of the available hooks, and add the one(s) you like to your
.pre-commit-config.yaml
:
- repo: https://github.com/nuztalgia/botstrap
rev: 0.2.9
hooks:
- id: detect-discord-bot-tokens
- id: detect-encrypted-tokens
This hook checks the contents of your added/changed files every time you git commit
,
and raises an error if it finds any unencrypted bot tokens. It won't catch any plaintext
tokens that you've .gitignore
-d or already committed, but it will prevent you from
accidentally committing new ones.
Note: This hook is especially useful for bots whose tokens aren't secured by the main Botstrap library - including bots written in languages other than Python! ✨
Although it isn't quite as dangerous to commit your encrypted bot tokens, doing so is
still very much a security risk. This hook prevents that from happening by raising an
error if you try to git commit
a file whose name matches the pattern used by
Botstrap's encrypted token files. (Hint: Keep this hook happy by adding *.key
to
your .gitignore
.)
Let everyone know your Discord bot is secure by adding a badge to your repository's
README.md
:
[![Botstrap](https://img.shields.io/endpoint?url=https%3A%2F%2Fraw.githubusercontent.com%2Fnuztalgia%2Fbotstrap%2Fmain%2F.github%2Fbadges%2Fbotstrap-on.json)](https://github.com/nuztalgia/botstrap)
You can replace botstrap-on
in the above snippet with the text on one of the other
badges (e.g. tokens-secure
).
For more granular customization options, check out the available style parameters on shields.io.
Copyright © 2022 Nuztalgia. Released under the Apache License, Version 2.0.