I’m revisiting Cloudflare Functions as a possible serverless backend solution for a new project, and I’m trying to figure out how “secret” the env variables described in the documentation (https://developers.cloudflare.com/pages/platform/functions/#adding-environment-variables-locally) are?
I know that when I was using workers with a different project, I would upload my secrets via the CLI and they would not be visible or changeable in the dashboard. I don’t see that option for functions.
Before moving forward with functions, I’d like to make sure the env variables that I use on the backend are secure and won’t be accessible by anybody except me.
Environmental variables and secrets are exactly the same other than secrets are redacted in the dashboard - anyone with write access could dump them by deploying a Worker/Function.
Pages Functions currently only support environment variables, not secrets.