
Is it safe to use hard coded password inside Cloudflare worker code?


Is it safe to use hard coded passwords inside Cloudflare worker code?

Is there a risk that a hacker/end user could somehow get access to this pwd or the myUrl secret URL?

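async function handleRequest(request) {
    // Hard-coded credential sent as a request header (the pattern being asked about)
    const init = {
        headers: {
            "pwd": "xyz123"
        }
    };

    // myURL is the secret URL, defined elsewhere in the worker
    const response = await fetch(myURL, init);
    return response;
}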

Solution

  • You should use secret environment variables for this: https://developers.cloudflare.com/workers/platform/environment-variables/

    Cloudflare will not reveal your code to third parties, so hard-coded secrets are not necessarily a problem. However, using secret environment variables will add extra protections, such as making sure that if an attacker were to compromise your Cloudflare account (e.g. if they guessed your password), they cannot easily download the secret through the API (whereas they could easily download your worker code). Additionally, certain Cloudflare employees who work on Cloudflare Workers may be able to view your code if needed to debug a problem in the system, but no Cloudflare employee is permitted to look at your secret environment variables.
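The recommendation above, as an added example (not code from the original post or from Cloudflare): the password and URL are read from secret bindings instead of literals, and the worker fails closed when a binding is missing. The binding names `UPSTREAM_URL` and `UPSTREAM_PWD`, the helper `upstreamInit`, and the injectable `fetchImpl` parameter are assumptions made for this sketch.

```javascript
// Added example. UPSTREAM_URL and UPSTREAM_PWD are hypothetical binding names,
// created outside the code with:  wrangler secret put UPSTREAM_PWD
// so the values never appear in the worker source.

// Build the fetch() target from the secret bindings; fail closed when one is absent.
function upstreamInit(env) {
  for (const name of ["UPSTREAM_URL", "UPSTREAM_PWD"]) {
    if (typeof env[name] !== "string" || env[name] === "") {
      // Name the missing binding, never echo a value.
      throw new Error(`missing secret binding: ${name}`);
    }
  }
  return { url: env.UPSTREAM_URL, init: { headers: { pwd: env.UPSTREAM_PWD } } };
}

// Module-syntax handler: secrets arrive on `env`, not as literals in the code.
// fetchImpl is injectable only so the example can be exercised offline.
async function handleRequest(request, env, fetchImpl = fetch) {
  let target;
  try {
    target = upstreamInit(env);
  } catch (err) {
    console.error(err.message); // goes to the worker's logs, not to the client
    return new Response("Upstream not configured", { status: 500 });
  }
  return fetchImpl(target.url, target.init);
}

// In the deployed worker:
// export default { fetch: (request, env) => handleRequest(request, env) };
```

With the older service-worker syntax used in the question, the same secrets are exposed as global variables rather than on `env`.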