Cloudflare Tokens

Doppler provides the ability to rotate between two Cloudflare tokens, affording a zero-downtime rotation experience


  • Understand the Doppler rotation methodology
  • Cloudflare Account
    • Ability to create Cloudflare tokens


Setting up Cloudflare token rotation consists of creating three tokens

Managing User Key Creation

  1. Navigate to the Advanced Secrets tab in the Doppler config that you'd like to add the rotated secret to
  2. Select New Rotated Secret
  3. In the SaaS section, select Cloudflare
  4. Name the integration
  5. In a new browser tab, navigate to the tokens section in your Cloudflare dashboard
  6. Select Create Token
  7. Next to Create Additional Tokens, select Use Template
  8. Ensure the API Tokens permission is set to Edit
  1. Select Continue to Summary.
  2. Create the token
  3. Copy the token and return to the Doppler tab. Enter the token in the Managing Key input.


Do not enter, save, or paste the token anywhere else. It should only live in Doppler

Rotated Keys

  1. Provide a descriptive Rotated Secret Name. The rotated secret name will prefix the individual secret values that are injected into your config
  2. Interval is the cadence at which the secret is rotated
  3. Create two new Cloudflare tokens with identical permissions and provide their token values. Be sure to give these tokens different names in Cloudflare to easily identify them. Doppler will rotate these accordingly to your selected interval.
  4. Select next to create the Cloudflare rotate secret

Injected Values

After creating the Cloudflare rotated secret, two individual secrets will be available in the config. Doppler ensures the active secret instance is returned when requested or synced.

  • NAME - the name Cloudflare generates for the token. Likely not used in code but useful for auditing purposes, especially when correlating activity between Cloudflare and Doppler
  • VALUE - the value of the active secret instance.