Where to put database_id for a D1 database?
I am trying to figure out where to put the database_id for a D1 database. I know you can put it in the [[d1_databases]] section of wrangler.toml, but this is a security risk because wrangler.toml is checked into git. So maybe it should go in .dev.vars? But then how do I reference it in wrangler.toml, or is that not necessary? If I put it in .dev.vars, how would wrangler know that it is for a D1 database? And then should it go into wrangler secrets for deployment? Thanks in advance.
10 Replies
No, it is not a security risk to have it checked into git
Really?
binding = "DB"
database_name = "my_sveltekit_db"
database_id = "342dcda3-70fa-4a97-b3be-6f3c37b5cad8"
D1 Databases are only accessible via your account, so unless someone has access to your account, they aren't able to use your
database_id for anything
And if they do have access to your account, they would be able to find the database_id themselves anywayOK, well that makes things easier. I was going to check it into Github so other people can see what I've done, and I thought having my actual database_id wouldn't be very elegant.
Users would have to add their own D1
database_ids anyway, so it shouldn't be much issue either waySo you can't refer to environment variables in a wrangler.toml file? Or does wrangler somehow read the environment variables instead of wrangler.toml?
When developing your Worker or Pages Function, create a .dev.vars file in the root of your project to define secrets that will be used when running wrangler dev or wrangler pages dev, as opposed to using environment variables in wrangler.toml. This works both in local and remote development modes.
The .dev.vars file should be formatted like a dotenv file, such as KEY="VALUE":
I'm not really sure what that means.
It seems to be saying not to use wrangler.toml, but to use .dev.vars instead.So there are two separate concepts there:
There are your System Environment Variables(like
PATH). These can be used to configure wrangler itself, like using an API Token instead of OAuth. These are not available within your Worker/Pages Functions at runtime.
Then there are Worker/Pages Environment Variables. These are accessible to your Worker at runtime. Variables can be added in your wrangler.toml, where they will be present in development and when deployed. They can also be in a .dev.vars file, but these will only be available in development. .dev.vars emulates Workers Secrets, which need to be deployed separately to be available when your Worker/Pages Project is deployed.
wrangler.toml is not able to pull from your System Environment Variables for configuration, but some things, like CLOUDFLARE_ACCOUNT_ID can be provided when using wrangler commands.Would it be possible/desirable/best practice to put d1_database in .dev.vars and reference it in wrangler.toml?
No, it would not be best practice, and is not actually doable
All values in your
wrangler.toml are evaluated as-isThank you for clearing this up.