Skip to content

Commit 653f2f1

Browse files
nikolanovoselecnikolanovoselec
committed
docs: document wrangler secret usage
1 parent 9812adb commit 653f2f1

File tree

1 file changed

+10
-10
lines changed

1 file changed

+10
-10
lines changed

README.md

Lines changed: 10 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -45,16 +45,16 @@ clear ingress controls, governed egress, and auditable operations.
4545

4646
## Required Cloudflare Secrets
4747

48-
| Secret | Purpose | Required |
49-
| --- | --- | --- |
50-
| `MICROSOFT_CLIENT_ID` | Microsoft Entra application (client) ID used during OAuth flows. ||
51-
| `MICROSOFT_TENANT_ID` | Microsoft Entra tenant identifier for token endpoints. ||
52-
| `GRAPH_API_VERSION` | Microsoft Graph API version (e.g., `v1.0`) used when constructing routes. ||
53-
| `MICROSOFT_CLIENT_SECRET` | Microsoft Entra application secret used for code/refresh exchanges. ||
54-
| `ENCRYPTION_KEY` | 32-byte hex key for encrypting Durable Object state and OAuth props. ||
55-
| `COOKIE_ENCRYPTION_KEY` | 32-byte hex key for Access approval cookie encryption. ||
56-
| `COOKIE_SECRET` | HMAC secret for signing Access approval cookies. ||
57-
| `AI_GATEWAY_SERVICE_TOKEN` | Service token for AI Gateway if policies require authenticated Worker access. | Optional |
48+
| Secret | Purpose | Required | Provisioning |
49+
| --- | --- | --- | --- |
50+
| `MICROSOFT_CLIENT_ID` | Microsoft Entra application (client) ID used during OAuth flows. || `wrangler secret put MICROSOFT_CLIENT_ID` |
51+
| `MICROSOFT_TENANT_ID` | Microsoft Entra tenant identifier for token endpoints. || `wrangler secret put MICROSOFT_TENANT_ID` |
52+
| `GRAPH_API_VERSION` | Microsoft Graph API version (e.g., `v1.0`) used when constructing routes. || `wrangler secret put GRAPH_API_VERSION` |
53+
| `MICROSOFT_CLIENT_SECRET` | Microsoft Entra application secret used for code/refresh exchanges. Must never live in `wrangler.toml` or environment variables. | | `wrangler secret put MICROSOFT_CLIENT_SECRET` |
54+
| `ENCRYPTION_KEY` | 32-byte hex key for encrypting Durable Object state and OAuth props. || `wrangler secret put ENCRYPTION_KEY` |
55+
| `COOKIE_ENCRYPTION_KEY` | 32-byte hex key for Access approval cookie encryption. || `wrangler secret put COOKIE_ENCRYPTION_KEY` |
56+
| `COOKIE_SECRET` | HMAC secret for signing Access approval cookies. || `wrangler secret put COOKIE_SECRET` |
57+
| `AI_GATEWAY_SERVICE_TOKEN` | Service token for AI Gateway if policies require authenticated Worker access. | Optional | `wrangler secret put AI_GATEWAY_SERVICE_TOKEN` |
5858

5959
## Repository Map
6060

0 commit comments

Comments
 (0)