Environment variables in Functions

I’m revisiting Cloudflare Functions as a possible serverless backend solution for a new project, and I’m trying to figure out how “secret” the env variables described in the documentation (https://developers.cloudflare.com/pages/platform/functions/#adding-environment-variables-locally) are?

I know that when I was using workers with a different project, I would upload my secrets via the CLI and they would not be visible or changeable in the dashboard. I don’t see that option for functions.

Before moving forward with functions, I’d like to make sure the env variables that I use on the backend are secure and won’t be accessible by anybody except me.

Environmental variables and secrets are exactly the same other than secrets are redacted in the dashboard - anyone with write access could dump them by deploying a Worker/Function.

Pages Functions currently only support environment variables, not secrets.

So the only difference between env variables and secrets is that secrets are redacted in the dashboard?

I’m just trying to make sure my super-secret-api-key doesn’t get exposed if I switch from using a worker to functions.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.