[bug] wrangler secret keeps reverting

I have 2 workers that connect to faunadb. I have moved my DB to a new region, so now it has a new key.
Both workers have a secret that is used to connect to the DB.
I’m updating the secret to the DB by wrangler secret put KEY_NAME and then re-publishing the workers.
I’m not sure exactly at what point, but at least one of those workers keeps reverting to the old key.
I simply see the writes go to the old DB.
There are no other workers that access the DB.
Could it be that the updated publish did not go to all cloudflare regions?
Any other ideas / thoughts?

More info:

Very strange, but if I print to console env.KEY_NAME as the first line of the fetch handler, the correct key (latest) is being printed, and used.
If I remove the log line, the key is reverted to old one.

One more detail, not sure if related - this service is calling another worker as a connected worker-service (configured in wrangler.toml).
The connected service also has a key with the same name.
Maybe there’s a bug there?

This really feels like a bug in Cloudflare, so I’d appreciate if someone from cf can get back to me on this.

I have another observation:
My worker has 2 entry points: fetch and queue.
The secret is only used in requests that are handled through the queue flow.
So it seems like the first time that a secret is set using wrangler secret put XX the secret can be fetched via env.XX in both fetch and queue.
However, once the secret is updated, requests that are handled via queue keep use the old secret, unless the secret is being accessed also from fetch

If you don’t redeploy after your secret put, does all work as expected?
Pushing a secret will do a new deployment

Along with that, what’s your pipeline for publishing? CLI? CI/CD? If so, where and how?

I wasn’t sure if secret put also redeploys so I did that manually.
I tried reproducing with a clean service and a minimal setup, but wasn’t able to do so.
I will try with my production service tomorrow morning when there’s almost no traffic.

This service has no CI/CD. I’m just using wrangler cli.

FYI - I’ve also reported this in github

I now removed the console.log line and everything works as expected - the secret is not reverted.
I will close the ticket because I can’t reproduce anymore, but I’m pretty sure that there is some problem because I double checked myself before posting this.
When I originally added the log line and everything seemed to be working, I tested everything again - removed the line, checked again, and re-added. This log line was the only change that I did and the secret was reverted.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.