During the recent Developer Week 2025, Cloudflare announced the public beta of Cloudflare Secrets Store, a secure way to store API tokens, keys, and credentials. While the long-term goal is to integrate Secrets Store with various Cloudflare products, it currently supports only Cloudflare Workers.
Cloudflare Secrets Store enables developers to securely store and manage the secrets their applications need, from API tokens to request authorization headers. Mia Malden, product manager at Cloudflare, Mitali Rawat, systems engineer, and James Vaughan, systems engineer at Cloudflare, write:
Environment variables and secrets were first launched in Cloudflare Workers back in 2020. Now, there are millions of local secrets deployed on Workers scripts. However, these are not all unique (…) With thousands of secrets duplicated across scripts — each requiring manual creation and updates — scoping secrets to individual Workers has created significant friction for developers (…) Now, you can create account-level secrets and variables that can be shared across all Workers scripts, centrally managed and protected within the Secrets Store.
Cloudflare Secrets Store was initially announced in May 2023, but no news had been shared since then, raising questions in the community that the project had been discontinued. Two months ago, user waterforthemasses wrote on Reddit:
This is a long awaited feature, especially given the limitations of Worker env variable secrets. Could Cloudflare confirm if this has been shelved or still WIP? And if possible, what is the rough timeline when to expect it?
According to the documentation, whereas Worker secrets are tied to the account role and anyone who can modify the Worker can modify the secret, access to account-level secrets is restricted with granular controls: Cloudflare Secrets Store uses role-based access control (RBAC) and any changes to the Secrets Store are recorded in the audit logs. Malden, Rawat, and Vaughan add:
Right now, to use a secret within a Worker, you have to create a binding for that specific secret. In the future, we’ll allow you to create a binding to the store itself so that the Worker can access any secret within that store. We’ll also allow customers to create multiple secret stores within their account so that they can manage secrets by group when creating access policies.
The feature was a highly requested requirement from the community, with Bruce Lee Harrison asking a year ago on Reddit:
I’m currently building something out that makes extensive use of PKI, and currently I have to manage all of this within my worker and an R2 database. While this works, root keys still present problem and the new Secret Store would complete solve my issue. Has CF given any guidance beyond the original blog posting? Had anyone gotten access to the beta?
Cloudflare Secrets Store is currently in public beta, and the Workers integration is available for all customers via UI and API.
