Secrets Store access control
Secrets Store allows security administrators to have more control by implementing role-based access. For details about roles at Cloudflare, refer to Fundamentals.
Relevant roles for Secrets Store
Section titled “Relevant roles for Secrets Store”Refer to the list below for default role definitions.
- Super Administrator: Can create, edit, duplicate, delete, and view secrets metadata. Can also add a Secrets Store binding to a Worker.
- Secrets Store Admin: Can create, edit, duplicate, delete, and view secrets metadata.
- Secrets Store Deployer: Can view secrets metadata but cannot create, edit, duplicate, nor delete secrets. Can also add a Secrets Store binding to a Worker.
- Secrets Store Reporter: Can view secrets metadata. Cannot perform any actions (create, edit, duplicate, delete secrets), nor add a Secrets Store binding to a Worker.
API token permissions
Section titled “API token permissions”The following API token permissions can also be used to grant access to Secrets Store resources.
- Account Secrets Store Edit: Allows a user to create, edit, duplicate, or delete secrets.
- Account Secrets Store Read: Allows a user to view secrets metadata.
Was this helpful?
- Resources
- API
- New to Cloudflare?
- Products
- Sponsorships
- Open Source
- Support
- Help Center
- System Status
- Compliance
- GDPR
- Company
- cloudflare.com
- Our team
- Careers
- 2025 Cloudflare, Inc.
- Privacy Policy
- Terms of Use
- Report Security Issues
- Trademark