Skip to content
Cloudflare Docs

Secrets Store access control

Secrets Store allows security administrators to have more control by implementing role-based access. For details about roles at Cloudflare, refer to Fundamentals.

Relevant roles

Refer to the list below for default role definitions.

Super Administrator

Secrets Store Admin

  • Can create, edit, duplicate, delete, and view secrets metadata.

Secrets Store Deployer

Secrets Store Reporter

  • Can view secrets metadata.
  • Cannot perform any actions (create, edit, duplicate, delete secrets), nor use Secrets Store integrations with other Cloudflare products.

API token permissions

The following API token permissions can also be used to grant access to Secrets Store resources.

  • Account Secrets Store Edit: Allows a user to create, edit, duplicate, or delete secrets.
  • Account Secrets Store Read: Allows a user to view secrets metadata.