Environment Variables & Secrets
hey, I think i lost confidence on workers environment variables.
First, I got played because I put a
text
environment variable in the dashboard and not on my wrangler.jsonc
Then for some reason, the environement variable just disapeared (or was it the value, I can't remember)
Then, on my production app, all of the sudden, all client got 403 from my API. It turned out the value of a secret
got cleared/emptied without any action on my side.
So: what are the magic rules so that I can rely on variable environement and not discovering the they disapear randomly ?6 Replies
@Tristan there are two things to remember here:
- Environment Variables are not sticky by default. Changes in the dashboard are immediately deployed, but do not persist if you publish via
wrangler
/CI, and haven't added the updated Environment Variable to your wrangler.json
. However, if you set keep_vars
to true
, it will persist variables you changed in the dashboard across deploys(Read More)
- Secrets are sticky by default. Once Secrets are written, they should not change/disappear unless you directly edit them.Cloudflare Docs
Configuration
Use a configuration file to customize the development and deployment setup for your Worker project and other Developer Platform products.
thank you for this; After learning the hard way about the clear text variable not being sticky by default, I read about that it's not the case for the secrets; so I have no explanation on why a secret got cleared today. Is there any logs in cloudflare that could tell me when this change happened (it's a personnal org/account so no teammates)
oh thanks, unfortunatly, no trace of any env var, not even the one I put back in using wrangler secret put 2hours ago
out of interest, are you using workers builds or did you use wrangler cli locally @Tristan ?
If that help, today, I did use the cli
wrangler secret put STRIPE_WEBHOOK_SECRET
then when I noticed the PUBLIC_API_KEY
was here but my app was complaining it was the wrong value, I did update it through the cloudflare dashboard
otherwise the app is deployed when PR are merged on main using npx opennextjs-cloudflare build
and npx opennextjs-cloudflare deploy