Prevent your API keys and Discord bot tokens from being stolen when using replit
Everyone can see your code created using replit.
It's really important that you don't set your API keys and other secret credentials directly in your code.
This isn't just for NovaAI, but for all your projects.
How to add new secrets
It's really simple:
- Click the lock icon in the left sidebar
-
Set
keyto something likeNOVA_API_KEYorDISCORD_BOT_TOKEN(don't use spaces etc.) and the fieldvalueto your API key/token that you want to hide. - Click Add new secret
- Now, you'll need to change the code a bit. Don't worry, it's just one or two lines.
How to use secrets in your code
In the following example, we're assuming you have just created a new NOVA_API_KEY secret.
Python
To set the variable nova_api_key to the value of the secret, use the following code:
import os
nova_api_key = os.environ['NOVA_API_KEY']For example, if you want to use the openai Python library, your code might look a bit like this:
import openai as novaai
import os
novaai.api_base = 'https://api.nova-oss.com/v1'
novaai.api_key = os.environ['NOVA_API_KEY']
# ...Node.js
To set the variable novaApiKey to the value of the secret, use the following code:
const novaApiKey = process.env.NOVA_API_KEYIf you're using discord.js, your code might look a bit like this:
const Discord = require('discord.js')
const client = new Discord.Client()
// ...
client.login(process.env.DISCORD_BOT_TOKEN)Need help?
Learn more in the replit documentation Here's a nice, well explained video tutorial by the team behind replit on how to use secrets: https://youtu.be/Xrg2XP1JJec And here's a shorter, but unofficial video tutorial by https://youtu.be/BKlv__1OoGc?t=24.