python dotenv_使用dotenv在python中隐藏敏感信息

python dotenv

教程| Python | Dotenv (Tutorial | Python | dotenv)

In a previous post, I left a Discord token in the script. This is not the ideal way to code, especially if I don’t want to regenerate my tokens every time I share code. Using credentials and API tokens in your data science and programming projects is inevitable, but leaving them exposed is avoidable. Using the dotenv python module can help keep these sensitive bits of information safe from prying eyes.

在上一篇文章中，我在脚本中留下了Discord令牌。 这不是理想的编码方式，尤其是如果我不想在每次共享代码时都重新生成令牌时，尤其如此。 在数据科学和编程项目中不可避免地使用凭证和API令牌，但是可以避免将它们暴露出来。 使用dotenv python模块可以帮助防止这些敏感信息被窥视。

In a previous post I went through the steps to create a Discord bot using Discord.py in python. That example will be continued here, but the same idea can be used in any code that uses sensitive credentials or API tokens

在上一篇文章中，我介绍了使用python中的Discord.py创建Discord机器人的步骤。 该示例将在此处继续，但是在使用敏感凭据或API令​​牌的任何代码中都可以使用相同的想法

问题(The Problem)

You have completed your brand new Discord bot and want to share your code with the world. Naturally, you upload it to GitHub and send out the link. Soon the bot stops working. Why? You left your API token in the code and someone took over your bot.

您已经完成了全新的Discord僵尸程序，并想与世界共享您的代码。 自然，您将其上传到GitHub并发送链接。 僵尸程序很快就会停止工作。 为什么？ 您将API令牌留在了代码中，然后有人接管了您的漫游器。

You left your API token in the code and someone took over your bot

您将API令牌留在了代码中，然后有人接管了您的漫游器

API tokens give enormous amounts of power to control applications. With certain API’s, usage is monitored and you will even be billed for your usage! Fortunately Discord doesn’t charge you, but you still need to keep your credentials safe when using them in your coding projects.

API令牌为控制应用程序提供了巨大的功能。 使用某些API，可以监控使用情况，甚至还会向您收取使用费用！ 幸运的是，Discord不会向您收费，但是在您的编码项目中使用凭据时，仍然需要确保凭据安全。

解决方案 (The Solution)

Enter environment variables. Jim Medlock has a great explanation of what they are in his An Introduction to Environment Variables and How to Use Them. In that post he says:

输入环境变量。 吉姆•梅德洛克(Jim Medlock)在“