CD
Cloudflare Developers5mo ago
Mitya

Confusing advice about secrets and Wrangler

From what I can tell, it does not make sense to put sensitive data in the TOML file because this would be committed. CF acknowledges this by suggesting we use .dev.vars for local, and secrets for production. However, when adding secrets (via the dashboard), CF then says it "recommend[s] updating your wrangler.toml file to keep your local development environment in sync." So this advice seems to be contradictory. A related issue is that, as far as I know, local DB connection strings for Hyperdrives must be specified in TOML, not .dev.vars (the latter didn't work for me). So this necessitates having two TOML files - one production, one local - the local one being denoted via the --config param, because putting the connection string in the main TOML would mean committing DB credentials. Am I right in all the above, or can anyone clarify anything I'm missing?
4 Replies
mackenzie
mackenzie5mo ago
not sure how env works in local.... does it absorb the shell env where it was started? You would have to define env vars locally to match the ones you define in the dashboard I guess (if you need them defined always)?
Chaika
Chaika5mo ago
However, when adding secrets (via the dashboard), CF then says it "recommend[s] updating your wrangler.toml file to keep your local development environment in sync."
Yea you don't need to do that for secrets. Are you clicking "Encrypt" when adding them? For me adding a new encrypted environment variable properly doesn't come up with that menu well if you have any non-encrypted env variables it does come up with that, but it excludes the encrypted ones
Mitya
Mitya5mo ago
Thanks @Chaika . Mine are non-encrypted (they're sensitive, but I'm just testing things out right now so I didn't encrypt them.)
Chaika
Chaika5mo ago
well that's not a secret then, that's just an environment variable Secrets are just encrypted environment variables (can also be added via npx wrangler secret put <key>) Normal Environment Variables are not encrypted and useful for storing generic app config stuff (which account id to use, which endpoint, etc)
Want results from more Discord servers?
Add your server
More Posts
KV API giving FormData errorsI'm trying to write to KV, following the API docs here: https://developers.cloudflare.com/api/operatCloudflare 1.1.1.1 or Cloudflare One ability to set DNS LocationIt seems that it's not possible to set a DNS location when using 1.1.1.1 or Cloudflare One, rather tChange production branch name for pages direct deploymentHey all, I've been deploying my pages projects using github actions (wrangler cli / wrangler action)about cname record and a record limitsis there any limits on how many cname or a record I can make in cloudflare for same server address.Redirecting encoding issue.I need help with redirection, one of the url from below link is working and anoter is not working. cSSL for saas - Certificate validation _acme-challenge TXT value keeps changing - custom hostnameWhat is the domain name? custom domain:_cny2024_tm_com_my cf zone: tmcny2024_com note: replaced dot are prisma Accelerate and hyperdrive competitors ?If yes can I replace Prisma Accelerate with Hyperdrive in prismClient ?bad gateway 502ok so i am not sure what is going on. i finally got passbolt up and running usuing cloudflare tunnelUnable to start workers in localserver.I am just following through the quick start guide of creating a worker. - Created the project with 503 Service Unavailable ErrorMy website has randomly encountered this error and I do not know how to fix? Please help!