.env is safe? Can't steable?

.env File is safe ? because some stupids saying ‘We can steal your Bot Token bla blabalbalba’
its possible ?

I personally have been using .env for more then my Bot Token only, and from what I’ve seen it’s safe, i’ve myself tried hacking into .env and I wasn’t able to. There’s probably a way though… Well the only place you want to make sure your token isn’t posted is on Github…

Hope that helps:)

Hi @DiscordPug, this is a great question! You can read more about this in our .env file help doc. Simply put, only project members can see the values in your .env file even in public projects, and it’s excluded from being checked into your project’s git repo (so it doesn’t get exported when you export to GitHub, for instance). If you ask for help and let someone enter your project to help they can’t see the values, but they could write code that would read from the project’s environment variables, which is where everything in .env end up, so you have to keep that in mind.

So, generally speaking your env file is safe aside from a few caveats, and we don’t know of anyone who’s breached its security aside from those notes - if you have information that that’s happening we want to know right away! In my opinion using the .env file is far superior to storing it in a config file that might be accidentally exposed to the public or to GitHub.

Hope this helps!