{"id":309,"date":"2026-03-25T00:00:00","date_gmt":"2026-03-25T00:00:00","guid":{"rendered":"https:\/\/wordpress.securinsight.ca\/index.php\/2026\/03\/25\/workers-declare-required-secrets-in-your-wrangler-configuration\/"},"modified":"2026-03-25T00:00:00","modified_gmt":"2026-03-25T00:00:00","slug":"workers-declare-required-secrets-in-your-wrangler-configuration","status":"publish","type":"post","link":"https:\/\/wordpress.securinsight.ca\/index.php\/2026\/03\/25\/workers-declare-required-secrets-in-your-wrangler-configuration\/","title":{"rendered":"Workers &#8211; Declare required secrets in your Wrangler configuration"},"content":{"rendered":"<p>The new <code>secrets<\/code> configuration property lets you declare the secret names your Worker requires in your Wrangler configuration file. Required secrets are validated during local development and deploy, and used as the source of truth for type generation.<\/p>\n<ul>\n<li>\n<p>wrangler.jsonc<\/p>\n<div>\n<div>\n<figure>\n<pre data-language=\"jsonc\"><code class=\"language-jsonc\"><div><div><span>{<\/span><\/div><\/div><div><div><span>  <\/span><span>\"<\/span><span>secrets<\/span><span>\"<\/span><span>:<\/span><span> <\/span><span>{<\/span><\/div><\/div><div><div><span>    <\/span><span>\"<\/span><span>required<\/span><span>\"<\/span><span>:<\/span><span> <\/span><span>[<\/span><span>\"API_KEY\"<\/span><span>,<\/span><span> <\/span><span>\"DB_PASSWORD\"<\/span><span>],<\/span><\/div><\/div><div><div><span>  <\/span><span>},<\/span><\/div><\/div><div><div><span>}<\/span><\/div><\/div><\/code><\/pre>\n<div>\n<div><\/div>\n<\/div>\n<\/figure>\n<\/div><\/div>\n<\/li>\n<li>\n<p>wrangler.toml<\/p>\n<div>\n<div>\n<figure>\n<pre data-language=\"toml\"><code class=\"language-toml\"><div><div><span>[<\/span><span>secrets<\/span><span>]<\/span><\/div><\/div><div><div><span>required<\/span><span> <\/span><span>=<\/span><span> <\/span><span>[<\/span><span> <\/span><span>\"API_KEY\"<\/span><span>,<\/span><span> <\/span><span>\"DB_PASSWORD\"<\/span><span> <\/span><span>]<\/span><\/div><\/div><\/code><\/pre>\n<div>\n<div><\/div>\n<\/div>\n<\/figure>\n<\/div><\/div>\n<\/li>\n<\/ul>\n<h4>Local development<\/h4>\n<p>When <code>secrets<\/code> is defined, <code>wrangler dev<\/code> and <code>vite dev<\/code> load only the keys listed in <code>secrets.required<\/code> from <code>.dev.vars<\/code> or <code>.env<\/code>\/<code>process.env<\/code>. Additional keys in those files are excluded. If any required secrets are missing, a warning is logged listing the missing names.<\/p>\n<h4>Type generation<\/h4>\n<p><code>wrangler types<\/code> generates typed bindings from <code>secrets.required<\/code> instead of inferring names from <code>.dev.vars<\/code> or <code>.env<\/code>. This lets you run type generation in CI or other environments where those files are not present. Per-environment secrets are supported \u2014 the aggregated <code>Env<\/code> type marks secrets that only appear in some environments as optional.<\/p>\n<h4>Deploy<\/h4>\n<p><code>wrangler deploy<\/code> and <code>wrangler versions upload<\/code> validate that all secrets in <code>secrets.required<\/code> are configured on the Worker before the operation succeeds. If any required secrets are missing, the command fails with an error listing which secrets need to be set.<\/p>\n<p>For more information, refer to the <a href=\"https:\/\/developers.cloudflare.com\/workers\/wrangler\/configuration\/#secrets-configuration-property\"><code>secrets<\/code> configuration property<\/a> reference.<\/p>","protected":false},"excerpt":{"rendered":"<p>The new secrets configuration property lets you declare the secret names your Worker requires in your Wrangler configuration file. Required secrets are validated during local development and deploy, and used as the source of truth for type generation. wrangler.jsonc { &#8220;secrets&#8221;: { &#8220;required&#8221;: [&#8220;API_KEY&#8221;, &#8220;DB_PASSWORD&#8221;], },} wrangler.toml [secrets]required = [ &#8220;API_KEY&#8221;, &#8220;DB_PASSWORD&#8221; ] Local development [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-309","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/wordpress.securinsight.ca\/index.php\/wp-json\/wp\/v2\/posts\/309","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wordpress.securinsight.ca\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wordpress.securinsight.ca\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wordpress.securinsight.ca\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/wordpress.securinsight.ca\/index.php\/wp-json\/wp\/v2\/comments?post=309"}],"version-history":[{"count":0,"href":"https:\/\/wordpress.securinsight.ca\/index.php\/wp-json\/wp\/v2\/posts\/309\/revisions"}],"wp:attachment":[{"href":"https:\/\/wordpress.securinsight.ca\/index.php\/wp-json\/wp\/v2\/media?parent=309"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wordpress.securinsight.ca\/index.php\/wp-json\/wp\/v2\/categories?post=309"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wordpress.securinsight.ca\/index.php\/wp-json\/wp\/v2\/tags?post=309"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}