[vitest-pool-workers] Add adminSecretsStore() to cloudflare:test

[penalosa]

Fixes #12778.

Secrets store bindings only expose a read-only .get() method, so there was previously no way to seed secret values from within a test. This adds adminSecretsStore() to cloudflare:test — a thin wrapper that returns Miniflare's existing admin API for a secrets store binding, giving tests full control over create/update/delete operations.

import { adminSecretsStore } from "cloudflare:test";
import { env } from "cloudflare:workers";

const admin = adminSecretsStore(env.MY_SECRET);
await admin.create("test-value");

const value = await env.MY_SECRET.get(); // "test-value"

---

• Tests
  • Tests included/updated
  • Automated tests not possible - manual testing has been completed as follows:
  • Additional testing not necessary because:
• Public documentation
  • Cloudflare docs PR(s): Document adminSecretsStore() in cloudflare:test for vitest-pool-workers cloudflare-docs#29388
  • Documentation not necessary because:

[changeset-bot]

🦋 Changeset detected

Latest commit: 0782d74

The changes in this PR will be included in the next version bump.

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[github-actions]

⚠️ Issues found

File: .changeset/vitest-pool-workers-secrets-store-persist.md

Issue: Version type should be minor, not patch

The changeset introduces a new exported helper function adminSecretsStore() in the cloudflare:test module. Per the changeset guidelines:

minor: New features, new CLI commands, new configuration options, deprecations...

Adding a new public API (adminSecretsStore()) is a new feature and warrants a minor bump. patch is reserved for bug fixes and small improvements, not new functionality.

The description, code example, and markdown formatting are all good — only the version type needs to be corrected to minor.

[ask-bonk]

Now I have a thorough understanding of the changes. Let me verify the interface signatures match the actual implementation:

Looking at the miniflare implementation in secret.worker.ts:

• create(value: string) => Promise<string> - matches
• update(value: string, id: string) => Promise<string> - matches
• duplicate(id: string, newName: string) => Promise<string> - matches
• delete(id: string) => Promise<void> - matches
• list() returns keys from KVNamespace.list<{ uuid: string }>() which is { name: string; metadata?: { uuid: string } }[] - matches
• get(id: string) => Promise<string> (returns secret.name) - matches

Everything looks correct. The SecretsStoreSecretAdmin interface in both secrets-store.ts and cloudflare-test.d.ts matches the actual miniflare implementation. The ADMIN_API constant is correctly duplicated with a clear comment about where it's sourced from. The type declarations are well-documented. The test covers the primary use case. The export wiring through test-internal.ts and test.ts follows the established pattern.

LGTM

github run

[pkg-pr-new]

create-cloudflare

npm i https://pkg.pr.new/create-cloudflare@13073

@cloudflare/kv-asset-handler

npm i https://pkg.pr.new/@cloudflare/kv-asset-handler@13073

miniflare

npm i https://pkg.pr.new/miniflare@13073

@cloudflare/pages-shared

npm i https://pkg.pr.new/@cloudflare/pages-shared@13073

@cloudflare/unenv-preset

npm i https://pkg.pr.new/@cloudflare/unenv-preset@13073

@cloudflare/vite-plugin

npm i https://pkg.pr.new/@cloudflare/vite-plugin@13073

@cloudflare/vitest-pool-workers

npm i https://pkg.pr.new/@cloudflare/vitest-pool-workers@13073

@cloudflare/workers-editor-shared

npm i https://pkg.pr.new/@cloudflare/workers-editor-shared@13073

wrangler

npm i https://pkg.pr.new/wrangler@13073

commit: 0782d74

[workers-devprod]

Codeowners approval required for this PR:

• ✅ @cloudflare/wrangler

Show detailed file reviewers

[devin-ai-integration]

✅ Devin Review: No Issues Found

Devin Review analyzed this PR and found no potential bugs to report.

View in Devin Review to see 2 additional findings.