Cloudflare Workers

reading time 3 mins

This guide will show how to sync secrets from Doppler to Cloudflare Workers.


  • Experience with Cloudflare Worker secrets
  • Wrangler CLI installed and authenticated
  • The jq CLI installed

Import Secrets

You'll need to perform the one-time operation of adding your secrets from Cloudflare to Doppler before continuing as there is no way to export your current secrets using the Wrangler API.

Service Tokens

To sync your secrets to Clouflare as part of a CI/CD job e.g. GitHub Actions, the Doppler CLI requires a Service Token to provide read-only access to a specific config and is exposed to the CLI via the DOPPLER_TOKEN environment variable. This would normally be set by the environment, e.g GitHub Secret, but for this guide, we'll provide it manually.


Secrets Sync

Because the Wrangler CLI only supports setting a single secret at a time, we dynamically compose the list of wrangler secret put commands and execute it as a file using bash process substitution:

source <(
  doppler secrets substitute \
    <(echo -e \
      '{{ range $key, $val := . }}
        echo "{{$val}}" | wrangler secret put {{$key}};

You should see a confirmation message in your shell for every secret synced to Cloudflare.


Awesome Work!

Now you know to use Doppler to easily sync secrets to Cloudflare Workers in CI/CD environments.