javascriptnode.jsbotsslackbolt

I have a message error about my signingSecret for slack bot

I'm a begginer in development and I try to develop a slack bot with the following code:

const {App} = require('@slack/bolt');

const app = new App ({
    token : process.env.SLACK_BOT_TOKEN,
    signingSecret: process.env.SLACK_SIGNING_SECRET
});

(async () => {
    await app.start(process.env.PORT || 3000);
})();

for my .env:

{
  SLACK_BOT_TOKEN = "my token",
  SLACK_SIGNING_SECRET = "my Signing Secret"
}

and my package.json:

"scripts": {
    "dev":"nodemon slack.js"
  },
  "dependencies": {
    "@slack/bolt": "^3.11.0",
}

but it doesn't works. I have this message:

AppInitializationError: signingSecret is required to initialize the default receiver. Set signingSecret or use a custom receiver. You can find your Signing Secret in your Slack App Settings.

When I refer to the documentation of Slack, and after verification and code review, it seems to be the same, someone knows why ?

Solution

  • When you use process.env.{SOME_VARIABLE} you are referring to your local system variable during the execution of your js script, so it means that they should be sourced in some way. As it already sad Ali Rashidi you can use dotenv npm package to achieve the goal, but personally i prefer just loading them via configuration file, or even better just source your .env file in your shell before starting your script ie:

    source .env
node yourscript.js

    Note: This approach requires a manual sourcing every time of your .env file so it's not so practical way

    Instead you can try to do something like

    // slack_configuration.json
{

   "SLACK_BOT_TOKEN": "YOUR TOKEN",
   "SLACK_SIGNING_SECRET": "YOUR SIGNING SECRET"
}

    const { App } = require('@slack/bolt');

const slackConfiguration = require('./slack_configuration.json')

const app = new App ({
    token : slackConfiguration.SLACK_BOT_TOKEN,
    signingSecret: slackConfiguration.SLACK_SIGNING_SECRET
});

(async () => {
    await app.start(process.env.PORT || 3000);
})();

    in general this kind of approach is preferred in local machine and not in specific container designed with the purpose to only run the application, as it more secure, all you SECRET should not be accessed via .env as they are accessible to all process in the system so they are exposed