Account ID as a secret


I am starting to set up a maintenance page, and I am configuring a service worker.
Currently, I have the account_id/zone_id hardcoded within the wrangler.toml file. However, I want to have it as a Cloudflare environment variable secret. I am able to create the secret CF_ACCOUNT_ID=xxxxxx. However, I am having a hard time figuring out the usage within the *toml file.
vars = { ENVIRONMENT = "dev", CF_ACCOUNT_ID }
account_id = CF_ACCOUNT_ID
Error: :warning: Could not find environment with name “CF_ACCOUNT_ID”

Any help is welcome



Out of curiosity, why do you need your account_id as a secret? It is ok to leave it public, as no action can be taken on your behalf without a corresponding API Token / Key, which should be kept secret.

In any case, to reference a variable’s value in your TOML file, you would need to do your own file processing / templating outside the wrangler or any workers tooling. You cannot reference a variable in your TOML with wrangler alone.

Hey, thanks for your reply. So I have the service worker app (webpack/wrangler.toml etc.) within a Jenkins pipeline. The BUILD and PUBLISH steps are set inside a docker file, and I have the account_id and api_token in Jenkins secrets. It builds and publishes fine having it as build-args. I cannot do the same in the *toml file.
It is part of our automated environment, and it needs to be rebuilt and redeployed from the pipeline any time that we have to create new environments/ namespaces/ secrets as part of the automation to create new environments and so on. Triggered by a git commit on a bitbucket/master branch.


It sounds like you would need to create a template file for the wrangler.toml, and use a program like sed to replace certain values with ones you have in the environment. Apologies if that’s totally unrelated :smiley: - just seems like you need to “templatize” your wrangler.toml, and use the build args inside the file.
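
The templating approach suggested in this thread, as an added example that is not part of the original posts: a build step renders wrangler.toml from a committed template, validates each ID before it reaches sed, and fails the build if a placeholder is left behind. The placeholder tokens (`__CF_ACCOUNT_ID__`, `__CF_ZONE_ID__`), the function names and the file names are assumptions made for this example, not wrangler conventions.

```shell
#!/bin/sh
# Added example: render wrangler.toml from a template at build time.
# Placeholder tokens and file names are assumptions made for this example.

# Succeeds only for a 32-character lowercase hex string, the shape of a
# Cloudflare account or zone ID. Rejecting everything else also keeps sed
# metacharacters (/, &, \, newlines) out of the replacement text.
is_cf_id() {
    case "$1" in
        *[!0-9a-f]*) return 1 ;;
    esac
    [ "${#1}" -eq 32 ]
}

# render_wrangler_toml TEMPLATE OUTPUT
# Reads CF_ACCOUNT_ID and CF_ZONE_ID from the environment (for example,
# injected by the CI system's secret store).
render_wrangler_toml() {
    template=$1
    output=$2
    [ -r "$template" ] || { echo "cannot read $template" >&2; return 1; }
    is_cf_id "${CF_ACCOUNT_ID:-}" || { echo "CF_ACCOUNT_ID missing or malformed" >&2; return 1; }
    is_cf_id "${CF_ZONE_ID:-}" || { echo "CF_ZONE_ID missing or malformed" >&2; return 1; }

    # Render to a temporary file so a failed run never leaves a partial config.
    tmp="$output.tmp.$$"
    sed -e "s/__CF_ACCOUNT_ID__/$CF_ACCOUNT_ID/g" \
        -e "s/__CF_ZONE_ID__/$CF_ZONE_ID/g" \
        "$template" > "$tmp" || { rm -f "$tmp"; return 1; }

    # A placeholder that survives rendering means the template and this script
    # have drifted apart; fail the build instead of publishing with it.
    if grep -q '__[A-Z_]*__' "$tmp"; then
        echo "unrendered placeholder left in $output" >&2
        rm -f "$tmp"
        return 1
    fi
    mv "$tmp" "$output"
}

# Stand-alone use: sh render.sh wrangler.toml.tpl wrangler.toml
if [ "$#" -eq 2 ]; then
    render_wrangler_toml "$1" "$2"
fi
```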

Unfortunately, I don’t have this choice due to security matters. What I did: I copied the files to docker, and within docker I used npm to install all dependencies, including the cf/wrangler. Then, wrangler rebuilds everything inside the container. I sanitized the wrangler.toml file by deleting account_id, and passed it as a build argument, same as the api_token, to publish the worker that was built inside the container, and it doesn’t complain about the account_id.