What's the right way for secrets handling at runtime ? #506
Description
Hello again,
I'm trying to interact with mistral API, and it's the first time I need to use a secret at runtime on the CF Workers so I'm not sure I do the right thing.
The problem is when I hit the api route I have a 401 error in production, but it works fine in local dev. So I guess I missed something, but I can't figure out what.
My understanding of the situation is I need to replace .env file with variables defined in the cloudflare dashboard ?
Thanks for you help, I've tried different things, but each time I need to build and deploy and I ran out of ideas so I'm kinda stuck.
edit : if I deploy with pnpm build and npx nuxthub deploy --no-build it works, maybe because the API key is copied from my .env file ?
edit2 : ok, so I defined the secret in github environment variables, like I did for nuxt ui pro licence key, and it works. I'm confused because in my mind there was two kind of variables, those for the build defined in github and those for the runtime defined in cloudflare... It works now but I'm not sure I understand why !
Here's my route API :
export default defineEventHandler(async (event) => {
setResponseHeader(event, 'Content-Type', 'text/html')
setResponseHeader(event, 'Cache-Control', 'no-cache')
setResponseHeader(event, 'Transfer-Encoding', 'chunked')
const body = await readBody(event)
console.log('Body:', body)
const config = useRuntimeConfig()
const response = await $fetch('https://api.mistral.ai/v1/chat/completions', {
headers: {
Authorization: `Bearer ${config.mistralAPI}`,
'Content-Type': 'application/json',
},
method: 'POST',
responseType: 'stream',
body: JSON.stringify({
model: 'mistral-tiny',
stream: true,
messages: [{ role: 'user', content: body.query }],
}),
})
return response
})In nuxt.config.ts:
runtimeConfig: {
mistralAPI: process.env.MISTRAL_API_KEY,
session: {
cookie: {
domain: '.nsi.rocks',
},
},
},In Cloudflare dashboard :
