Secrets (Enviornments)
Use `os.secrets` to securely access sensitive data such as API keys, tokens, or credentials in your bot logic.
Access Syntax
- Replace
API_KEYwith the name of your configured secret. - All secret keys must be valid identifiers (A–Z, 0–9, and underscores).
Example
Use Cases
os.secrets.TOKEN– Store some tokenos.secrets.DB_PASSWORD– Database access credentialsos.secrets.OPENAI_KEY– AI service API keyos.secrets.STRIPE_SECRET– Payment service keys
Best Practices of Secrets
| ✅ Recommended | 🚫 Avoid |
|---|---|
Use os.secrets for all sensitive data | Don’t hardcode secrets in your scripts |
| Use descriptive and scoped names | Don’t log full secret values |
| Validate secret existence before use | Don’t assume secrets are always present |
Advantages
- ✅ Secure – Secrets are not exposed in logs or user-facing output.
- ✅ Flexible – Can be configured per environment (e.g., dev vs. prod).
- ✅ Maintainable – Makes bot logic clean and deployment-ready.
Notes
- If a secret key does not exist,
os.secrets.KEYreturnsundefined. - You can’t dynamically list or loop over all secrets — access them by name.