Worker Secrets Size Limitation

I’m loving the ease of workers so far!

Although, I’m struggling to get around the 1kb size limit for workers secrets! I’m currently trying to access Google endpoints using a JWT. I’ve been unable to get the service account JSON file into the secrets.

I’ve also tried the tutorial here: Writing an API at the Edge with Workers and Cloud Firestore

My guess is since then Google have increased the key size!

Any idea’s on how to get around this?

You can use a KV for it and use the Secres as the key to namespace and key, so it should be a long random string for the key.

KVs are stored encrypted too, so in terms of security it should be the similar to Secrets, with one key difference though, it’s possible to view the KV contents inside of the CF Workers panel. So be careful who has access to it. Same goes with listing keys, that’s why the namespace and key have to be un-guessable.

Have you measured the size of the JSON Web Token?

You could circumvent the issue by splitting the JWT into several secrets, then joining them on your script, ideally as a global variable.

const JWT = FRAGMENT1 + FRAGMENT2 + FRAGMENT3;
1 Like

Seems the limit has been raised from 1kb to 5kb, maybe this haven’t come into effect yet.

In that case you can wait until CF have applied the change.

1 Like