Cloudflare Docs
Workers
Cloudflare Docs
Workers
GitHub icon
Visit Workers on GitHub
Set theme to dark (⇧+D)
  1. Products
  2. Workers
  3. Configuration
  4. Secrets

Secrets

​​ Background

Secrets are environment variables that are encrypted and not visible after they are set. Secrets are used for storing sensitive information like API keys and auth tokens. Secrets are available on the env parameter passed to your Worker’s fetch event handler.

​​ Add secrets to your project

​​ Secrets in development

When developing your Worker locally, create a .dev.vars file in the root of your project to define secrets that will be available to your Worker when running wrangler dev.

The .dev.vars file should be formatted like a dotenv file.

.dev.vars
SECRET_KEY=value
API_TOKEN=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9

​​ Secrets on deployed Workers

​​ Via Wrangler

To add a secret to a Worker, run the wrangler secret put command in your terminal, where <KEY> is the name of your secret:

wrangler secret put
$ wrangler secret put <KEY>

​​ Via the dashboard

To add a secret via the dashboard:

  1. Log in to Cloudflare dashboard and select your account.
  2. Select Workers & Pages.
  3. In Overview, select your Worker > Settings.
  4. Under Environment Variables, select Add variable.
  5. Input a Variable name and its value, which will be made available to your Worker.
  6. Select Encrypt to protect the secret’s value. This will prevent the value from being visible via Wrangler and the dashboard.
  7. (Optional) To add multiple secrets, select Add variable.
  8. Select Save to implement your changes.

​​ Delete secrets from your project

​​ Via Wrangler

To delete a secret from your Worker project, run the wrangler secret delete command:

wrangler secret delete
$ wrangler secret delete <KEY>

​​ Via the dashboard

To delete a secret from your Worker project via the dashboard:

  1. Log in to Cloudflare dashboard and select your account.
  2. Select Workers & Pages.
  3. In Overview, select your Worker > Settings.
  4. Under Environment Variables, select Edit variables.
  5. Select X next to the secret you want to delete.
  6. Select Save and deploy.

​​ Compare secrets and environment variables

Secrets are environment variables. The difference is secret values are not visible within Wrangler or dashboard interfaces after you define them. This means that sensitive data, including passwords or API tokens, should always be encrypted to prevent data leaks. To your Worker, there is no difference between an environment variable and a secret. The secret’s value is passed through as defined.