From f5df8f7d5f9f08812c79e8fd17a30e542eaa934e Mon Sep 17 00:00:00 2001 From: Dario Piotrowicz Date: Tue, 24 Mar 2026 01:23:06 +0000 Subject: [PATCH] Add docs for `CLOUDFLARE_ACCESS_CLIENT_ID` and `CLOUDFLARE_ACCESS_CLIENT_SECRET` system environment variables --- src/content/docs/workers/development-testing/index.mdx | 2 ++ .../workers/wrangler/system-environment-variables.mdx | 8 ++++++++ 2 files changed, 10 insertions(+) diff --git a/src/content/docs/workers/development-testing/index.mdx b/src/content/docs/workers/development-testing/index.mdx index c896d1a2222e9e7..5e691e40e75f476 100644 --- a/src/content/docs/workers/development-testing/index.mdx +++ b/src/content/docs/workers/development-testing/index.mdx @@ -303,6 +303,8 @@ There are two recommended patterns for this: - **Network latency**: Expect network latency for operations on these remotely connected bindings, as they involve communication over the internet. +- **CI and non-interactive environments**: If your worker uses [Cloudflare Access](/cloudflare-one/), Wrangler must authenticate with Access when connecting to remote bindings. In non-interactive environments such as CI/CD pipelines, set the `CLOUDFLARE_ACCESS_CLIENT_ID` and `CLOUDFLARE_ACCESS_CLIENT_SECRET` [system environment variables](/workers/wrangler/system-environment-variables/) to authenticate using an [Access Service Token](/cloudflare-one/access-controls/service-credentials/service-tokens/). Without these variables, Wrangler throws an error instead of launching the interactive `cloudflared access login` flow. + ### API Wrangler provides programmatic utilities to help tooling authors support remote binding connections when running Workers code with [Miniflare](/workers/testing/miniflare/). diff --git a/src/content/docs/workers/wrangler/system-environment-variables.mdx b/src/content/docs/workers/wrangler/system-environment-variables.mdx index 9ae60d873f950fa..167eafe4d08cebc 100644 --- a/src/content/docs/workers/wrangler/system-environment-variables.mdx +++ b/src/content/docs/workers/wrangler/system-environment-variables.mdx @@ -51,6 +51,14 @@ Wrangler supports the following environment variables: - The email address associated with your Cloudflare account, usually used for older authentication method with `CLOUDFLARE_API_KEY=`. +- `CLOUDFLARE_ACCESS_CLIENT_ID` + + - The Client ID of a [Cloudflare Access Service Token](/cloudflare-one/access-controls/service-credentials/service-tokens/), used to authenticate with Access-protected domains in non-interactive environments such as CI/CD pipelines. Must be set together with `CLOUDFLARE_ACCESS_CLIENT_SECRET`. When both variables are set, Wrangler authenticates using the service token instead of launching `cloudflared access login`. + +- `CLOUDFLARE_ACCESS_CLIENT_SECRET` + + - The Client Secret of a [Cloudflare Access Service Token](/cloudflare-one/access-controls/service-credentials/service-tokens/), used together with `CLOUDFLARE_ACCESS_CLIENT_ID` to authenticate with Access-protected domains in non-interactive environments. + - `CLOUDFLARE_ENV` - The [environment](/workers/wrangler/environments/) to use for Wrangler commands. This allows you to select an environment without using the `--env` flag. For example, `CLOUDFLARE_ENV=production wrangler deploy` will deploy to the `production` environment. The `--env` command line argument takes precedence over this environment variable.