This guide will show how to sync secrets from Doppler to Cloudflare Workers.
- Experience deploying Cloudflare Workers using secrets for configuration
- Wrangler CLI installed and authenticated
- The jq CLI installed
You'll need to perform the one-time operation of adding your secrets from Cloudflare to Doppler before continuing as there is no way to export your current secrets using the Wrangler API.
To sync your secrets to Clouflare as part of a CI/CD job e.g. GitHub Actions, the Doppler CLI requires a Service Token to provide read-only access to a specific config and is exposed to the CLI via the
DOPPLER_TOKEN environment variable. This would normally be set by the environment, e.g GitHub Secret, but for this guide, we'll provide it manually.
Automatically syncing secrets from Doppler to Cloudflare is currently a bit awkward because the Wrangler CLI only allows a single secret to be set at a time. We work around this by combining the commands to set all secrets in a temporary file, then remove it once the secrets sync has been completed.
jq -r '. | to_entries | "echo \(.value) | wrangler secret put \(.key);\n"' <(doppler secrets download --no-file) | xargs > cfenv.sh && source cfenv.sh && rm cfenv.sh
You should see a confirmation message in your shell for every secret synced to Cloudflare.
Now you know to use Doppler to easily sync secrets to Cloudflare Workers in CI/CD environments.
Updated about a month ago