Environment variables
Background
Environment variables are a type of binding that allow you to attach text strings or JSON values to your Worker. Environment variables are available on the env
parameter passed to your Worker’s fetch
event handler.
Text strings and JSON values are not encrypted and are useful for storing application configuration.
Add environment variables via Wrangler
Text and JSON values are defined via the [vars]
configuration in your wrangler.toml
file. In the following example, API_HOST
and API_ACCOUNT_ID
are text values and SERVICE_X_DATA
is a JSON value.
Refer to the following example on how to access the API_HOST
environment variable in your Worker code:
vars
is a non-inheritable key. Non-inheritable keys are configurable at the top-level, but cannot be inherited by environments and must be specified for each environment.
To define environment variables for different environments, refer to the example below:
For local development with wrangler dev
, variables in wrangler.toml
are automatically overridden by any values defined in a .dev.vars
file located in the root directory of your worker. This is useful for providing values you do not want to check in to source control.
Alternatively, you can specify per-environment values in wrangler.toml
and provide an environment
value via the env
flag when developing locally like so wrangler dev --env=local
.
Add environment variables via the dashboard
To add environment variables via the dashboard:
- Log in to Cloudflare dashboard ↗ and select your account.
- Select Workers & Pages.
- In Overview, select your Worker.
- Select Settings.
- Under Variables and Secrets, select Add.
- Select a Type, input a Variable name, and input its Value. This variable will be made available to your Worker.
- (Optional) To add multiple environment variables, select Add variable.
- Select Deploy to implement your changes.
Compare secrets and environment variables
Secrets are environment variables. The difference is secret values are not visible within Wrangler or Cloudflare dashboard after you define them. This means that sensitive data, including passwords or API tokens, should always be encrypted to prevent data leaks. To your Worker, there is no difference between an environment variable and a secret. The secret’s value is passed through as defined.
Related resources
- Learn how to access environment variables in ES modules syntax for an optimized experience.