Secrets Store access control
Secrets Store allows security administrators to have more control by implementing role-based access. For details about roles at Cloudflare, refer to Fundamentals.
Refer to the list below for default role definitions.
- Super Administrator: Can create, edit, duplicate, delete, and view secrets metadata. Can also add a Secrets Store binding to a Worker.
- Secrets Store Admin: Can create, edit, duplicate, delete, and view secrets metadata.
- Secrets Store Deployer: Can view secrets metadata but cannot create, edit, duplicate, nor delete secrets. Can also add a Secrets Store binding to a Worker.
- Secrets Store Reporter: Can view secrets metadata. Cannot perform any actions (create, edit, duplicate, delete secrets), nor add a Secrets Store binding to a Worker.
The following API token permissions can also be used to grant access to Secrets Store resources.
- Account Secrets Store Edit: Allows a user to create, edit, duplicate, or delete secrets.
- Account Secrets Store Read: Allows a user to view secrets metadata.
Was this helpful?
- Resources
- API
- New to Cloudflare?
- Products
- Sponsorships
- Open Source
- Support
- Help Center
- System Status
- Compliance
- GDPR
- Company
- cloudflare.com
- Our team
- Careers
- 2025 Cloudflare, Inc.
- Privacy Policy
- Terms of Use
- Report Security Issues
- Trademark