The downside is that JWTs are more tricky to revoke, other than the standard "this is valid for 24 h

The downside is that JWTs are more tricky to revoke, other than the standard "this is valid for 24 hours". If that's a concern you can always do a DB lookup on sensitive actions like password changes, while allowing regular JWT validation on standard actions.

IIsaac McFadyen So kind of. You should investigate JWTs.

Matt Silverlock•3/26/24, 3:33 PM

For others here: Cloudflare Access stores its JWTs in KV, at scale.

IIsaac McFadyen The downside is that JWTs are more tricky to revoke, other than the standard "th...

x03•3/26/24, 4:12 PM

I'd rather avoid JWT tokens for several security issues

x03•3/26/24, 4:12 PM

My app relies heavily on being secure and issues like cookie logging need to be avoided

x03•3/26/24, 4:12 PM

thus I choose to use sessions

Isaac McFadyenOP•3/26/24, 4:12 PM

Not sure what you mean?

Isaac McFadyenOP•3/26/24, 4:13 PM

JWTs can be sent in the Cookie header the same as sessions.

x03•3/26/24, 4:13 PM

I meant that if someone rats your pc and steals your cookie, I dont want them to be able to plug the JWT into my website to log into your account

Xx03 I meant that if someone rats your pc and steals your cookie, I dont want them to...

Isaac McFadyenOP•3/26/24, 4:13 PM

They can do that with a session too...

Isaac McFadyenOP•3/26/24, 4:13 PM

Unless I'm misunderstanding?

x03•3/26/24, 4:13 PM

the use of sessions lets me verify that the IP and user agent matches through the database

Isaac McFadyenOP•3/26/24, 4:13 PM

Ah, I see.

Isaac McFadyenOP•3/26/24, 4:14 PM

You can actually encode that in the JWT too.

Isaac McFadyenOP•3/26/24, 4:14 PM

And then check the JWT, and if it's not the same then discard and return unauthorized.

Isaac McFadyenOP•3/26/24, 4:14 PM

We should probably move to #general-discussions to continue this discussion

x03•3/26/24, 4:15 PM

Alright ill talk to you there

MMatt Silverlock For others here: Cloudflare Access stores its JWTs in KV, at scale.

rob•3/28/24, 4:05 PM

anything similar like that for storing env keys secrets for external APIs on tbhe web ui that can be called by workers or funtions? or shouldwe just use kv

Rrob anything similar like that for storing env keys secrets for external APIs on tbh...

Isaac McFadyenOP•3/28/24, 4:06 PM

You should use Secrets for API keys that infrequently change, but if you need to update them from code or have a lot of them then you should use KV.

Isaac McFadyenOP•3/28/24, 4:06 PM

KV is still secure.

rob•3/28/24, 4:06 PM

yea it would be secrets

Rrob yea it would be secrets

Isaac McFadyenOP•3/28/24, 4:06 PM

Sorry, I mean Secrets as in the actual Workers bindings: https://developers.cloudflare.com/workers/configuration/secrets/

Isaac McFadyenOP•3/28/24, 4:07 PM

They can't be changed via code, only either through the dash or Wrangler.

rob•3/28/24, 4:09 PM

alright nice did not know about that on the web ui

rob•3/28/24, 4:09 PM

thought you had to use wrangler for it only

causalityparadox•3/29/24, 11:04 PM

Hey, the worker KV API outside of workers is quite slow for me
is there any other API that I can hit for faster reads?

Ccausalityparadox Hey, the worker KV API outside of workers is quite slow for me is there any othe...

Hello, I’m Allie!•3/30/24, 10:34 AM

You build a Worker to send requests through?

Hello, I’m Allie!•3/30/24, 10:34 AM

Other than that, no. The Cloudflare API is generally pretty slow, when compared with Workers bindings

causalityparadox•3/30/24, 10:34 AM

I see

talkingarmor•4/1/24, 3:10 AM

Hi, does anyone know if KV supports bulk reads? It seems really inefficient to be reading out 1 key at a time compared to providing a list of keys and getting the values back like Redis

Ttalkingarmor Hi, does anyone know if KV supports bulk reads? It seems really inefficient to b...

Hello, I’m Allie!•4/1/24, 6:59 AM

It does not, though you can issue reads in parallel, by awaiting them all with Promise.allPromise.all

Ttalkingarmor Hi, does anyone know if KV supports bulk reads? It seems really inefficient to b...

DaniFoldi•4/1/24, 8:40 AM

bulk reads unfortunately aren't supported by the binding, and not even by the api, since individual values could be up to 25MB in size - if your data is small (eg. fits in key + metadata), you can use

list

list

to get up to 1k keys at a time

HHello, I’m Allie!It does not, though you can issue reads in parallel, by awaiting them all with `...

talkingarmor•4/1/24, 11:17 AM

Yeah, that's what I am doing, but it feels wrong initiating so many calls to load from KV.

DDaniFoldi bulk reads unfortunately aren't supported by the binding, and not even by the ap...

talkingarmor•4/1/24, 11:17 AM

The files I have are very small, usually less than 20kb compressed

talkingarmor•4/1/24, 11:18 AM

But my app requires loading 50 to 100 key value pairsr per function call

Ttalkingarmor The files I have are very small, usually less than 20kb compressed

DaniFoldi•4/1/24, 12:15 PM

Yeah metadata is unfortunately 1 or 2kb, can’t remember exactly, so too large, you can either chunk the files or batch them into a single larger kv value

DDaniFoldi Yeah metadata is unfortunately 1 or 2kb, can’t remember exactly, so too large, y...

talkingarmor•4/1/24, 1:37 PM

Okay thanks, btw, is it save to assume that looking KV and retrieving the values are significantly faster than R2? I haven't written any performance testing, but I assume that it would..

Chief•4/1/24, 2:25 PM

Does KV have read/write units? I.e. If I write 10MB into a value, is it the same price as writing 10KB?

CChief Does KV have read/write units? I.e. If I write 10MB into a value, is it the same...

Isaac McFadyenOP•4/1/24, 2:51 PM

Yes, same price. All writes are billed as the same amount.

Isaac McFadyenOP•4/1/24, 2:52 PM

KV has a limit of 25MB per value so that's the limit there, but anything below the limit is billed the same.

Unsmart•4/1/24, 5:15 PM

Durable objects is the only product that bills by units instead of just read or write

Unsmart•4/1/24, 5:15 PM

Everything else is simple pricing

Ttalkingarmor Okay thanks, btw, is it save to assume that looking KV and retrieving the values...

DaniFoldi•4/2/24, 7:34 AM

For values that are cached, retrievals should be much faster. For new reads, they come from one of the core locations. See https://developers.cloudflare.com/kv/reference/how-kv-works/ for how it works

OG | Career Fair Chair Assistant•4/3/24, 4:34 PM

Hi, I am having issues assessing my KV namespace. Also I created my worker on vscode but I cannot see it on my cloudflare web account. Could this be why there is a discrepancy in assessing my namespace and if it is or whyever this is happening, could I get assistance from someone here please?