Cloudflare Developers•2mo ago

How to update Worker secrets via REST API (or TS SDK)?

I found such undocumented endpoints in wrangler's source code: - To create and update Worker's secret: https://api.cloudflare.com/client/v4/accounts/<ACCOUNT_ID>/workers/scripts/<WORKER_NAME>/secrets - To delete Worker's secret: https://api.cloudflare.com/client/v4/accounts/<ACCOUNT_ID>/workers/scripts/<WORKER_NAME>/secrets/<SECRET_KEY> Unfortunately they are not working. The update one fails with error saying that the key is already in use - of course it is:

{
  code: 10053,
  message: "Binding name 'INSTAGRAM_ACCESS_TOKEN' already in use. Please use a different name and try again."
}

{
  code: 10053,
  message: "Binding name 'INSTAGRAM_ACCESS_TOKEN' already in use. Please use a different name and try again."
}

So I tried to delete it first. And the delete one doesn't work as well saying the binding not found when it's already there:

 {
  code: 10056,
  message: "Binding 'INSTAGRAM_ACCESS_TOKEN' not found. Please use a different name and try again."
}

 {
  code: 10056,
  message: "Binding 'INSTAGRAM_ACCESS_TOKEN' not found. Please use a different name and try again."
}

The API access token I'm using has full read/write previlages in the scope of the worker's zone. I'm completely out of ideas. Please help.

GitHub

workers-sdk/packages/wrangler/src/secret/index.ts at main · cloudfl...

⛅️ Home to Wrangler, the CLI for Cloudflare Workers® - cloudflare/workers-sdk

1 Reply

KamilOP•2mo ago

Leaving my source code below:

export const setAccessTokenSecret = async (accessTokenValue: string) => {
  const createSecretUrl =
    'https://api.cloudflare.com/client/v4/accounts/' +
    process.env.CLOUDFLARE_ACCOUNT_ID +
    '/workers/scripts/' +
    process.env.CLOUDFLARE_WORKER_NAME +
    '/secrets'
  const deleteSecretUrl = `${createSecretUrl}/${INSTAGRAM_TOKEN_ENV_VARIABLE_NAME}`

  const headers = {
    'Content-Type': 'application/json',
    Authorization: `Bearer ${process.env.CLOUDFLARE_API_TOKEN}`,
  }

  try {
    const batchResponses = await Promise.all([
      fetch(deleteSecretUrl, { method: 'DELETE', headers }),
      fetch(createSecretUrl, {
        method: 'PUT',
        headers,
        body: JSON.stringify({
          name: INSTAGRAM_TOKEN_ENV_VARIABLE_NAME,
          text: accessTokenValue,
          type: 'secret_text',
        }),
      }),
    ])

    const batchData = await Promise.all(
      batchResponses.map((response) => response.json<CloudflareApiResponse>()),
    )

    const errors = batchData.map((data) => data.errors).flat()

    const isSuccess =
      errors.length === 0 && batchData.every((data) => data.success)

    if (!isSuccess) {
      throw new Error('Failed to update access token secret', {
        cause: errors,
      })
    }

    return isSuccess
  } catch (error) {
    console.error('[setAccessTokenSecret]', error)
    return false
  }
}

export const setAccessTokenSecret = async (accessTokenValue: string) => {
  const createSecretUrl =
    'https://api.cloudflare.com/client/v4/accounts/' +
    process.env.CLOUDFLARE_ACCOUNT_ID +
    '/workers/scripts/' +
    process.env.CLOUDFLARE_WORKER_NAME +
    '/secrets'
  const deleteSecretUrl = `${createSecretUrl}/${INSTAGRAM_TOKEN_ENV_VARIABLE_NAME}`

  const headers = {
    'Content-Type': 'application/json',
    Authorization: `Bearer ${process.env.CLOUDFLARE_API_TOKEN}`,
  }

  try {
    const batchResponses = await Promise.all([
      fetch(deleteSecretUrl, { method: 'DELETE', headers }),
      fetch(createSecretUrl, {
        method: 'PUT',
        headers,
        body: JSON.stringify({
          name: INSTAGRAM_TOKEN_ENV_VARIABLE_NAME,
          text: accessTokenValue,
          type: 'secret_text',
        }),
      }),
    ])

    const batchData = await Promise.all(
      batchResponses.map((response) => response.json<CloudflareApiResponse>()),
    )

    const errors = batchData.map((data) => data.errors).flat()

    const isSuccess =
      errors.length === 0 && batchData.every((data) => data.success)

    if (!isSuccess) {
      throw new Error('Failed to update access token secret', {
        cause: errors,
      })
    }

    return isSuccess
  } catch (error) {
    console.error('[setAccessTokenSecret]', error)
    return false
  }
}

Anyone?

Gaming

Programming

How to update Worker secrets via REST API (or TS SDK)?

Did you find this page helpful?