Cloudflare Workers: Bindings vs Env — Where Your Secret Actually Leaks

Cloudflare treats 'Environment Variables' and 'Secret Bindings' as different things. Vibe-coded Workers mix them up, and half the 'secret' values end up readable in the Worker's preview URL.
Cloudflare Workers have two similarly-named things that behave very differently:
- Environment Variables — readable by anyone with the preview URL.
- Secret Bindings — encrypted at rest, injected at runtime only.
AI scaffolding tools sometimes prompt for wrangler secret put API_KEY and other times for wrangler env put API_KEY, and the difference matters a lot.
The exploit
If you put a secret in env, on many account setups the Worker's preview URL exposes it in the response headers of the /cdn-cgi/trace-style metadata endpoint. Anyone who reads your committed wrangler.toml can visit the preview URL and exfiltrate it.
The checklist
- wrangler secret list — what's actually a secret?
- wrangler env list — what's plaintext?
- Grep wrangler.toml for [vars] — anything with _KEY, _SECRET or _TOKEN in there is misclassified.
- Preview URL curl:
  curl -s https://your-worker.your-account.workers.dev/__metrics 2>/dev/null | head
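The grep step above, as an added example that is not from the original post: a small line-based scan of wrangler.toml that walks the top-level [vars] table and every [env.<name>.vars] table and flags plaintext variable names carrying the article's _KEY, _SECRET or _TOKEN markers. The sample config, the marker list and the function name are assumptions for illustration.

```python
import re
from typing import List, Tuple

# The article's rule: any plaintext var whose name contains one of these
# markers is a misclassified secret. Extend the tuple for your own convention.
SUSPICIOUS_MARKERS = ("_KEY", "_SECRET", "_TOKEN")

# Matches [table] and [[array.table]] headers; captures the dotted name.
SECTION_RE = re.compile(r"^\s*\[\[?\s*([^\]]+?)\s*\]\]?\s*$")
# Matches the key on a 'key = value' line; the value itself is not parsed.
KEY_RE = re.compile(r"^\s*([A-Za-z0-9_.-]+)\s*=")


def find_misclassified_vars(toml_text: str) -> List[Tuple[str, str]]:
    """Return (section, key) pairs for plaintext vars that look like secrets.

    Assumes one 'key = value' per line inside [vars] / [env.*.vars], which is
    how wrangler's documented examples write them (no inline tables).
    """
    findings = []
    section = ""
    for raw in toml_text.splitlines():
        line = raw.split("#", 1)[0]  # drop trailing TOML comments
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if not (section == "vars" or section.endswith(".vars")):
            continue
        km = KEY_RE.match(line)
        if km and any(mark in km.group(1).upper() for mark in SUSPICIOUS_MARKERS):
            findings.append((section, km.group(1)))
    return findings


# Constructed sample wrangler.toml for demonstration, not a real project's file.
SAMPLE_WRANGLER_TOML = """
name = "demo-worker"
main = "src/index.ts"

[vars]
LOG_LEVEL = "info"
STRIPE_API_KEY = "sk_live_PLACEHOLDER"   # plaintext: should be a secret binding

[env.production.vars]
REGION = "eu"
WEBHOOK_SECRET = "whsec_PLACEHOLDER"      # plaintext: should be a secret binding

[[kv_namespaces]]
binding = "CACHE_KV"
id = "PLACEHOLDER_ID"
"""

if __name__ == "__main__":
    for section, key in find_misclassified_vars(SAMPLE_WRANGLER_TOML):
        print(f"[{section}] {key} is plaintext; move it with: wrangler secret put {key}")
```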
Rotate if misclassified
If a secret sat in [vars] for any time, treat it as public. Rotate immediately — Cloudflare preview URLs are indexed by the same bots that index the public Workers registry.