Cloudflare Workers

reading time 3 mins

This guide will show how to sync secrets from Doppler to Cloudflare Workers.


  • Experience deploying Cloudflare Workers using secrets for configuration
  • Wrangler CLI installed and authenticated
  • The jq CLI installed

Import Secrets

You'll need to perform the one-time operation of adding your secrets from Cloudflare to Doppler before continuing as there is no way to export your current secrets using the Wrangler API.

Service Tokens

To sync your secrets to Clouflare as part of a CI/CD job e.g. GitHub Actions, the Doppler CLI requires a Service Token to provide read-only access to a specific config and is exposed to the CLI via the DOPPLER_TOKEN environment variable. This would normally be set by the environment, e.g GitHub Secret, but for this guide, we'll provide it manually.


Sync Secrets

Automatically syncing secrets from Doppler to Cloudflare is currently a bit awkward because the Wrangler CLI only allows a single secret to be set at a time. We work around this by combining the commands to set all secrets in a temporary file, then remove it once the secrets sync has been completed.

source <(jq -rj $'. | to_entries[] | "echo \'\(.value)\' | wrangler secret put \(.key);\n"' <(doppler secrets download --no-file))

You should see a confirmation message in your shell for every secret synced to Cloudflare.


Awesome Work!

Now you know to use Doppler to easily sync secrets to Cloudflare Workers in CI/CD environments.

Did this page help you?