Loading source
Pulling the file list, source metadata, and syntax-aware rendering for this listing.
Source from repo
Comprehensive Cloudflare platform skill covering Workers, D1, R2, KV, AI, Durable Objects, and security.
Files
Skill
Size
Entrypoint
Format
Open file
Syntax-highlighted preview of this file as included in the skill package.
references/secrets-store/configuration.md
1# Configuration23## Wrangler Config45### Basic Binding67**wrangler.jsonc**:89```jsonc10{11"secrets_store_secrets": [12{13"binding": "API_KEY",14"store_id": "abc123",15"secret_name": "stripe_api_key"16}17]18}19```2021**wrangler.toml** (alternative):2223```toml24[[secrets_store_secrets]]25binding = "API_KEY"26store_id = "abc123"27secret_name = "stripe_api_key"28```2930Fields:31- `binding`: Variable name for `env` access32- `store_id`: From `wrangler secrets-store store list`33- `secret_name`: Identifier (no spaces)3435### Environment-Specific3637**wrangler.jsonc**:3839```jsonc40{41"env": {42"production": {43"secrets_store_secrets": [44{45"binding": "API_KEY",46"store_id": "prod-store",47"secret_name": "prod_api_key"48}49]50},51"staging": {52"secrets_store_secrets": [53{54"binding": "API_KEY",55"store_id": "staging-store",56"secret_name": "staging_api_key"57}58]59}60}61}62```6364**wrangler.toml** (alternative):6566```toml67[env.production]68[[env.production.secrets_store_secrets]]69binding = "API_KEY"70store_id = "prod-store"71secret_name = "prod_api_key"7273[env.staging]74[[env.staging.secrets_store_secrets]]75binding = "API_KEY"76store_id = "staging-store"77secret_name = "staging_api_key"78```7980## Wrangler Commands8182### Store Management8384```bash85wrangler secrets-store store list86wrangler secrets-store store create my-store --remote87wrangler secrets-store store delete <store-id> --remote88```8990### Secret Management (Production)9192```bash93# Create (interactive)94wrangler secrets-store secret create <store-id> \95--name MY_SECRET --scopes workers --remote9697# Create (piped)98cat secret.txt | wrangler secrets-store secret create <store-id> \99--name MY_SECRET --scopes workers --remote100101# List/get/update/delete102wrangler secrets-store secret list <store-id> --remote103wrangler secrets-store secret get <store-id> --name MY_SECRET --remote104wrangler secrets-store secret update <store-id> --name MY_SECRET --new-value "val" --remote105wrangler secrets-store secret delete <store-id> --name MY_SECRET --remote106107# Duplicate108wrangler secrets-store secret duplicate <store-id> \109--name ORIG --new-name COPY --remote110```111112### Local Development113114**CRITICAL**: Production secrets (`--remote`) NOT accessible in local dev.115116```bash117# Create local-only (no --remote)118wrangler secrets-store secret create <store-id> --name DEV_KEY --scopes workers119120wrangler dev # Uses local secrets121wrangler deploy # Uses production secrets122```123124Best practice: Separate names for local/prod:125126```jsonc127{128"env": {129"development": {130"secrets_store_secrets": [131{ "binding": "API_KEY", "store_id": "store", "secret_name": "dev_api_key" }132]133},134"production": {135"secrets_store_secrets": [136{ "binding": "API_KEY", "store_id": "store", "secret_name": "prod_api_key" }137]138}139}140}141```142143## Dashboard144145### Creating Secrets1461471. **Secrets Store** → **Create secret**1482. Fill: Name (no spaces), Value, Scope (`Workers`), Comment1493. **Save** (value hidden after)150151### Adding Bindings152153**Method 1**: Worker → Settings → Bindings → Add → Secrets Store154**Method 2**: Create secret directly from Worker settings dropdown155156Deploy options:157- **Deploy**: Immediate 100%158- **Save version**: Gradual rollout159160## CI/CD161162### GitHub Actions163164```yaml165- name: Create secret166env:167CLOUDFLARE_API_TOKEN: ${{ secrets.CF_TOKEN }}168run: |169echo "${{ secrets.API_KEY }}" | \170npx wrangler secrets-store secret create $STORE_ID \171--name API_KEY --scopes workers --remote172173- name: Deploy174run: npx wrangler deploy175```176177### GitLab CI178179```yaml180script:181- echo "$API_KEY_VALUE" | npx wrangler secrets-store secret create $STORE_ID --name API_KEY --scopes workers --remote182- npx wrangler deploy183```184185See: [api.md](./api.md), [patterns.md](./patterns.md)186