Skip to content
Cloudflare Docs

Secrets Store access control

Secrets Store allows security administrators to have more control by implementing role-based access. For details about roles at Cloudflare, refer to Fundamentals.

Relevant roles for Secrets Store

Refer to the list below for default role definitions.

  • Super Administrator: Can create, edit, duplicate, delete, and view secrets metadata.
  • Secrets Store Admin: Can create, edit, duplicate, delete, and view secrets metadata.
  • Secrets Store Deployer: Can view secrets metadata but cannot create, edit, duplicate, nor delete secrets. Can also add a Secrets Store binding to a Worker.
  • Secrets Store Reporter: Can view secrets metadata. Cannot perform any actions (create, edit, duplicate, delete secrets), nor add a Secrets Store binding to a Worker.

API token permissions

The following API token permissions can also be used to grant access to Secrets Store resources.

  • Account Secrets Store Edit: Allows a user to create, edit, duplicate, or delete secrets.
  • Account Secrets Store Read: Allows a user to view secrets metadata.