How secure is my javascript Workers source code from cloudflare employees?

How about to our Environment Variables? Does the team have read access to them? Some people store private keys inside environment variables.

There are two kinds of environment variables, secret and non-secret. Be sure to use the secret type for things like private keys. Secrets will be redacted from all dashboards that Cloudflare employees have access to. The API also makes it so you can’t download your own secrets, so even if an attacker has access to your account they can’t easily extract your secrets.


I suggest making a fully ECMA compliant interpreter and uploading it to workers; you can encrypt the bytecode and decrypt it in chunks of data. This will make it absurdly obscure for employees.
You can make your interpreter more obscure by erasing the method names. You can go as far as adding custom ranges and opcodes to fuzzle the code even more.

/s ? :orangeblob:

1 Like

Monsieur, I did not know you used to work for Skype