Use Secrets Store in a real application path
Secrets Store bindings let Workers read account-level secrets without storing secret values in code.
A compact Secrets Store recipe with config and worker usage in one application path.
Use this as the copyable starter before threading the feature into a larger application.
- Config focus
- bindings.secretsStore
- Runtime shape
- Best use
- shared account secrets that should be referenced by store id and secret name instead of copied into config
Start by wiring the binding clearly in config
Smallest Secrets Store config with one default store
Build the application flow around the binding
Treat this as the app-level Secrets Store path: the route, event handler, or service module receives a real request and uses the binding to do useful work.
Keep product limits, remote ownership, and fallback behavior visible in the code around the binding instead of hiding everything behind a vague utility too early.
- Keep the first example short enough to paste into a new Worker.
Protect an internal route with a shared API token
Keep production boundaries visible
- Config focus: bindings.secretsStore.
- Runtime shape: .
- Best use: shared account secrets that should be referenced by store id and secret name instead of copied into config.
Thread this into the next recipe
Once this smallest path works, add routing, generated types, and feature-specific abstraction in that order.
Previous
Testing Secrets Store
Test Secrets Store by choosing the local harness that matches the product boundary instead of reaching for Cloudflare by default.
Next
AI Search
Add the AI Search config, call or from worker code, and start with the local test path Devflare supports.