Skip to content

nuztalgia/botstrap

Botstrap: Logo (Link to Website)

Botstrap

Development Status Botstrap: Latest Version Supported Python Versions
CodeQL Workflow Read the Docs Tests Workflow
CodeFactor: Code Quality Codacy: Code Quality Codecov: Test Coverage

An easy-to-use utility toolbelt for Discord bots written in Python.
Read the docs »

Overview

Do you store your Discord bot token in plaintext? Don't get caught with your pants down. Strap in!

Botstrap is a Python library suit of power armor that perfectly fits your Discord bot. It offers:

  • 🔐 Secure encryption and password protection to keep your bot tokens safe
  • 🤹 A straightforward way to manage multiple tokens and/or bot configurations
  • 🌈 An intuitive, colorful, and customizable command-line interface for your bot
  • 🤝 Out-of-the-box compatibility with all of the most popular Python Discord libraries
  • ... and more to come!

Installation

Python 3.10 or higher is required. It's also generally a good idea to upgrade pip (python -m pip install -U pip).

pip install -U botstrap

For additional/alternative installation instructions, see the documentation.

Quickstart

Coming soon! In the meantime, check out:

Git Hooks

Adding one or both of Botstrap's pre-commit hooks to your git workflow is an easy and seamless way to improve the security of your codebase. (If you're unfamiliar with pre-commit, here's its quickstart guide. Highly recommend!)

See below for descriptions of the available hooks, and add the one(s) you like to your .pre-commit-config.yaml:

- repo: https://github.com/nuztalgia/botstrap
  rev: 0.2.9
  hooks:
    - id: detect-discord-bot-tokens
    - id: detect-encrypted-tokens

🕵️ detect-discord-bot-tokens

This hook checks the contents of your added/changed files every time you git commit, and raises an error if it finds any unencrypted bot tokens. It won't catch any plaintext tokens that you've .gitignore-d or already committed, but it will prevent you from accidentally committing new ones.

Note: This hook is especially useful for bots whose tokens aren't secured by the main Botstrap library - including bots written in languages other than Python!

💂 detect-encrypted-tokens

Although it isn't quite as dangerous to commit your encrypted bot tokens, doing so is still very much a security risk. This hook prevents that from happening by raising an error if you try to git commit a file whose name matches the pattern used by Botstrap's encrypted token files. (Hint: Keep this hook happy by adding *.key to your .gitignore.)

Badges

Let everyone know your Discord bot is secure by adding a badge to your repository's README.md:

Botstrap: On Botstrap: Enabled Tokens: Encrypted Tokens: Secure Botstrap

[![Botstrap](https://img.shields.io/endpoint?url=https%3A%2F%2Fraw.githubusercontent.com%2Fnuztalgia%2Fbotstrap%2Fmain%2F.github%2Fbadges%2Fbotstrap-on.json)](https://github.com/nuztalgia/botstrap)

You can replace botstrap-on in the above snippet with the text on one of the other badges (e.g. tokens-secure).

For more granular customization options, check out the available style parameters on shields.io.

License

Copyright © 2022 Nuztalgia. Released under the Apache License, Version 2.0.