Isaac.

serverless

Cloudflare Workers Environment Variables and Secrets

Manage configuration and sensitive data in Cloudflare Workers.

By Emem IsaacDecember 19, 20212 min read
#cloudflare workers#environment variables#secrets#configuration
Share:

A Simple Analogy

Environment variables in Workers are like a notes app for your code. Store configuration details that change per environment.

Why Configuration?

  • Environment-specific: Different settings per deployment
  • Security: Don't hardcode secrets
  • Flexibility: Change without redeploying
  • Secrets: Sensitive data stays safe
  • Rotation: Update credentials easily

wrangler.toml Setup

[env.production]
name = "api-worker-prod"
route = "https://api.example.com/*"

[env.production.env]
DATABASE_URL = "postgresql://prod-db"
API_KEY = "sk_prod_xxx"

[env.staging]
name = "api-worker-staging"
route = "https://staging.example.com/*"

[env.staging.env]
DATABASE_URL = "postgresql://staging-db"
API_KEY = "sk_staging_xxx"

Using Variables

export default {
  async fetch(request) {
    const dbUrl = env.DATABASE_URL;
    const apiKey = env.API_KEY;
    
    const response = await fetch(`${dbUrl}/query`);
    // Use variables in your code
  }
}

interface Env {
  DATABASE_URL: string;
  API_KEY: string;
}

export default {
  async fetch(request: Request, env: Env) {
    // Type-safe access
    console.log(env.DATABASE_URL);
  }
}

Secrets Management

# Store secret in production environment
wrangler secret put API_KEY --env production
# Then paste the secret value

# Store multiple secrets
wrangler secret put DATABASE_PASSWORD
wrangler secret put JWT_SECRET
wrangler secret put ENCRYPTION_KEY

# List secrets
wrangler secret list

# Delete secret
wrangler secret delete API_KEY

Using Secrets

export default {
  async fetch(request, env) {
    const apiKey = env.API_KEY;      // From [env] section
    const dbPass = env.DATABASE_PASSWORD;  // From secrets
    
    // Use in API calls
    const response = await fetch('https://api.example.com/data', {
      headers: {
        'Authorization': `Bearer ${apiKey}`
      }
    });
    
    return response;
  }
}

KV Namespace Configuration

[[kv_namespaces]]
binding = "CACHE"
id = "abc123"
preview_id = "xyz789"

[[kv_namespaces]]
binding = "SESSIONS"
id = "def456"
preview_id = "ijk012"

export default {
  async fetch(request, env) {
    const cached = await env.CACHE.get('key');
    await env.SESSIONS.put('session-id', JSON.stringify(data));
  }
}

Best Practices

  1. Never hardcode: Use environment variables
  2. Rotate secrets: Update periodically
  3. Scope access: Limit who can view secrets
  4. Version control: Commit config structure, not values
  5. Document: List required variables

Related Concepts

  • Durable Objects
  • Workers Analytics
  • Cron triggers
  • Environment management

Summary

Configure Cloudflare Workers with wrangler.toml for environment variables and store secrets securely using the wrangler CLI.

Share:

Written by Emem Isaac

Expert Software Engineer with 15+ years of experience building scalable enterprise applications. Specialized in ASP.NET Core, Azure, Docker, and modern web development. Passionate about sharing knowledge and helping developers grow.

LinkedIn Twitter GitHub

Related Articles

serverless

Cloudflare Workers Advanced Patterns

Implement advanced patterns with Cloudflare Workers.

Read More devops

Using Environment Variables

Learn how to manage configuration and secrets using environment variables in your applications.

Read More serverless

Azure Functions with .NET

Build serverless applications with Azure Functions.

Read More

Ready to Build Something Amazing?

Let's discuss your project and explore how my expertise can help you achieve your goals. Free consultation available.

Get In Touch Call Now

💼 Trusted by 50+ companies worldwide | ⚡ Average response time: 24 hours