wrangler.toml Secrets

[TheAutisticTechie]

Cannot see a way of keeping the Account ID and Zone ID a secret within github. The Github Actions secrets don't work within the file. I'm sure it's possible but I'm missing it in the documentation somewhere

This doesn't work

type = "webpack"
account_id = "${{ secrets.CLOUDFLARE_ACCOUNT_ID }}"
workers_dev = false
route = "*domain.com/*"
zone_id = "${{ secrets.CLOUDFLARE_ZONE_ID }}"

[site]
bucket = "./public"

Whereas this works without an issue

type = "webpack"
account_id = "1234567890"
workers_dev = false
route = "*domain.com/*"
zone_id = "0987654321"

[site]
bucket = "./public"

[EverlastingBugstopper]

Hi @Nasherx - two things.

1. It is safe to expose your zone id and account id, these need not be secret. Just make sure to keep your API token/key secret!
2. Wrangler will read from environment variables, so if you set $CF_ACCOUNT_ID and $CF_ZONE_ID when running any Wrangler command, it will override what's in your wrangler.toml.

Hope this helps 😄

[kristianfreeman]

Yep, @EverlastingBugstopper is totally right! While there isn't a variable set up in the action to handle this, you should be able to use GitHub Action's built-in env var support:

- name: Publish
  uses: cloudflare/wrangler-action@1.1.0
  env:
    CF_ACCOUNT_ID: {{ secrets.cf_account_id }}
    CF_ZONE_ID: {{ secrets.cf_zone_id }}

The above is kinda pseudo-code, I haven't tested it, so if that works, let me know! Would be useful to document in the README 👍

[TheAutisticTechie]

Adding the env variables still fails but i think its just my lack of understanding, I'm only just getting back into development.

If its fine to have account ID and zone ID public then i'm happy 😊

[ct-martin]

In case you're like me and finding this later, the code snippet is almost right; it's just missing a $ for the variables. Without this thread I probably wouldn't have figured out how to do this nor that those tokens are actually ok to publish anyway; huge thanks to all for the clarification.

Here's the step I'm using (also with apiToken):

- name: Publish
  uses: cloudflare/wrangler-action@1.2.0
  with:
    apiToken: ${{ secrets.CF_API_TOKEN }}
  env:
    CF_ACCOUNT_ID: ${{ secrets.CF_ACCOUNT_ID }}
    CF_ZONE_ID: ${{ secrets.CF_ZONE_ID }}