Using wrangler secrets for environment variables

Quick question:

Is there any added cost (in terms of pricing and/or latency) of using secrets in workers (ie vs plain variables.

Only while plain environment variables can be stored in the script, I wondered whether behind the scenes secrets uses KV … which has a cost per read in dollars and latency. So if I store 5 secrets, would that incur 5 KV reads on every script execution.


Anyone? :slight_smile: Someone must be using secrets.

It doesn’t use KV so I don’t think it has any cost, but you can only have a very limited amount of secrets.

To avoid both limitations, I store an encryption key inside a secret and use that to unlock a KV that holds the actual secrets. To create the encrypted KV; I use a local function that uses the secret to encrypt and upload it. To avoid cost, the KV can be stored in cache and only be invalidated when needed.

1 Like

Ah, that’s clever.


This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.