Bot token is hardcoded in [contribute.py](http://_vscodecontentref_/1) - should use env variable

Noticed that [contribute.py](vscode-file://vscode-app/c:/Users/avina/AppData/Local/Programs/Microsoft%20VS%20Code/resources/app/out/vs/code/electron-browser/workbench/workbench.html) has the bot token hardcoded on line 7:

`BOT_TOKEN = "Z2l0aHViX3BhdF8xMUFYS0pGVFkwU2VhNW9ORjRyN0E5X053WDAwTVBUUU5RVUNTa2lNNlFYZHJET1lZa3B4cTIxS091YVhkeVhUYmRQMzdVUkZaRWpFMjlRRXM5"`

It's base64 encoded but that's not really protection - takes 2 seconds to decode. Since this is a public repo anyone can grab it.

Should probably move this to an environment variable like [os.environ.get('CONCORE_BOT_TOKEN')](vscode-file://vscode-app/c:/Users/avina/AppData/Local/Programs/Microsoft%20VS%20Code/resources/app/out/vs/code/electron-browser/workbench/workbench.html) or something. Also might want to rotate the current token since it's already out there.



Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bot token is hardcoded in [contribute.py](http://_vscodecontentref_/1) - should use env variable #200

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Bot token is hardcoded in [contribute.py](http://_vscodecontentref_/1) - should use env variable #200

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions