sudacode/dotfiles
1
0
Fork 0
mirror of https://github.com/ksyasuda/dotfiles.git synced 2026-03-22 06:11:27 -07:00
Code Issues Packages Projects Releases Wiki Activity
Files
f9a530667e34644a601d21f1014a0cc2ee364719
dotfiles/.agents/skills/cloudflare-deploy/references/secrets-store/README.md
sudacode f9a530667e update skills
2026-03-17 16:53:22 -07:00

75 lines
2.2 KiB
Markdown
Raw Blame History

# Cloudflare Secrets Store
Account-level encrypted secret management for Workers and AI Gateway.
## Overview
**Secrets Store**: Centralized, account-level secrets, reusable across Workers
**Worker Secrets**: Per-Worker secrets (`wrangler secret put`)
### Architecture
- **Store**: Container (1/account in beta)
- **Secret**: String ≤1024 bytes
- **Scopes**: Permission boundaries controlling access
- `workers`: For Workers runtime access
- `ai-gateway`: For AI Gateway access
- Secrets must have correct scope for binding to work
- **Bindings**: Connect secrets via `env` object
**Regional Availability**: Global except China Network (unavailable)
### Access Control
- **Super Admin**: Full access
- **Admin**: Create/edit/delete secrets, view metadata
- **Deployer**: View metadata + bindings
- **Reporter**: View metadata only
API Token permissions: `Account Secrets Store Edit/Read`
### Limits (Beta)
- 100 secrets/account
- 1 store/account
- 1024 bytes max/secret
- Production secrets count toward limit
## When to Use
**Use Secrets Store when:**
- Multiple Workers share same credential
- Centralized management needed
- Compliance requires audit trail
- Team collaboration on secrets
**Use Worker Secrets when:**
- Secret unique to one Worker
- Simple single-Worker project
- No cross-Worker sharing needed
## In This Reference
### Reading Order by Task
| Task | Start Here | Then Read |
|------|------------|-----------|
| Quick overview | README.md | - |
| First-time setup | README.md → configuration.md | api.md |
| Add secret to Worker | configuration.md | api.md |
| Implement access pattern | api.md | patterns.md |
| Debug errors | gotchas.md | api.md |
| Secret rotation | patterns.md | configuration.md |
| Best practices | gotchas.md | patterns.md |
### Files
- [configuration.md](./configuration.md) - Wrangler commands, binding config
- [api.md](./api.md) - Binding API, get/put/delete operations
- [patterns.md](./patterns.md) - Rotation, encryption, access control
- [gotchas.md](./gotchas.md) - Security issues, limits, best practices
## See Also
- [workers](../workers/) - Worker bindings integration
- [wrangler](../wrangler/) - CLI secret management commands
Reference in New Issue View Git Blame Copy Permalink