CD
Cloudflare Developers7mo ago
Jacob

Secrets Store Bug on Worker

I added this to my jsonc: 
    "secrets_store_secrets": [
        {
            "binding": "BLUE_UPSTASH_REDIS_REST_URL",
            "store_id": "123",
            "secret_name": "BLUE_UPSTASH_REDIS_REST_URL"
        },
        {
            "binding": "BLUE_UPSTASH_REDIS_REST_TOKEN",
            "store_id": "123",
            "secret_name": "BLUE_UPSTASH_REDIS_REST_TOKEN"
        }
    ],
    "secrets_store_secrets": [
        {
            "binding": "BLUE_UPSTASH_REDIS_REST_URL",
            "store_id": "123",
            "secret_name": "BLUE_UPSTASH_REDIS_REST_URL"
        },
        {
            "binding": "BLUE_UPSTASH_REDIS_REST_TOKEN",
            "store_id": "123",
            "secret_name": "BLUE_UPSTASH_REDIS_REST_TOKEN"
        }
    ],
Got this error: 
17:34:23.216    - Secrets Store Secrets:
17:34:23.216      - BLUE_UPSTASH_REDIS_REST_URL: 123/BLUE_UPSTASH_REDIS_REST_URL
17:34:23.216      - BLUE_UPSTASH_REDIS_REST_TOKEN: 123/BLUE_UPSTASH_REDIS_REST_TOKEN
17:34:23.222    
17:34:23.223    ✘ [ERROR] A request to the Cloudflare API (/accounts/333/workers/scripts/blue/versions) failed.
17:34:23.224    
17:34:23.224      failed to fetch secrets store binding due to authorization error - check deploy permissions and secret scopes [code: 10021]
17:34:23.224      
17:34:23.224      If you think this is a bug, please open an issue at: https://github.com/cloudflare/workers-sdk/issues/new/choose
17:34:23.216    - Secrets Store Secrets:
17:34:23.216      - BLUE_UPSTASH_REDIS_REST_URL: 123/BLUE_UPSTASH_REDIS_REST_URL
17:34:23.216      - BLUE_UPSTASH_REDIS_REST_TOKEN: 123/BLUE_UPSTASH_REDIS_REST_TOKEN
17:34:23.222    
17:34:23.223    ✘ [ERROR] A request to the Cloudflare API (/accounts/333/workers/scripts/blue/versions) failed.
17:34:23.224    
17:34:23.224      failed to fetch secrets store binding due to authorization error - check deploy permissions and secret scopes [code: 10021]
17:34:23.224      
17:34:23.224      If you think this is a bug, please open an issue at: https://github.com/cloudflare/workers-sdk/issues/new/choose
3 Replies
Jacob
JacobOP7mo ago
Ok solution is simple. I didn't realize each worker generates it's own api key. The guide should be updated to instruct you to add secrets store read/edit to your key associated to the worker.
CanRau
CanRau6mo ago
yes indeed very confusing thank you, took me a moment to find the right page and api keys to edit and also had to make sure "secret store" persmission is set to edit here's the dashboard deeplink https://dash.cloudflare.com/?to=/:account/api-tokens for anyone else looking
Jacob
JacobOP6mo ago
It would be nice if workers error logs were a little more exact on the permission scopes needed and api key name. And if docs reflected the need for the scopes.

Did you find this page helpful?