Secrets Store access control
Secrets Store allows security administrators to have more control by implementing role-based access. For details about roles at Cloudflare, refer to Fundamentals.
Refer to the list below for default role definitions.
- Can create, edit, duplicate, delete, and view secrets metadata.
- Can add a Secrets Store binding to a Worker.
- Can create an association between a secret and an AI gateway.
- Can create, edit, duplicate, delete, and view secrets metadata.
- Can view secrets metadata but cannot create, edit, duplicate, nor delete secrets.
- Can add a Secrets Store binding to a Worker.
- Can create an association between a secret and an AI gateway.
- Can view secrets metadata.
- Cannot perform any actions (create, edit, duplicate, delete secrets), nor use Secrets Store integrations with other Cloudflare products.
The following API token permissions can also be used to grant access to Secrets Store resources.
- Account Secrets Store Edit: Allows a user to create, edit, duplicate, or delete secrets.
- Account Secrets Store Read: Allows a user to view secrets metadata.
Was this helpful?
- Resources
- API
- New to Cloudflare?
- Directory
- Sponsorships
- Open Source
- Support
- Help Center
- System Status
- Compliance
- GDPR
- Company
- cloudflare.com
- Our team
- Careers
- © 2025 Cloudflare, Inc.
- Privacy Policy
- Terms of Use
- Report Security Issues
- Trademark