workflow
unanchored
rotate-cf-worker-secret
Generate secure random secret, set on CF worker, print new value.
cloudflare workers secrets rotation security
Body
param([string]$scriptName="", [string]$secretName="", [string]$token="", [string]$account="269368ec7f35ec20dd0485e72fe3ee56")
if (-not $token) { $token = $env:CF_API_TOKEN }
if (-not $scriptName -or -not $secretName) { Write-Error "scriptName and secretName required"; exit 1 }
# Stop on a failed API call instead of reporting a rotation that did not happen.
$ErrorActionPreference = "Stop"
# 32 bytes from the OS CSPRNG; Get-Random is not guaranteed to be cryptographically secure.
$bytes = New-Object byte[] 32
$rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
$rng.GetBytes($bytes)
$rng.Dispose()
$new = [Convert]::ToBase64String($bytes)
$body = @{name=$secretName; text=$new; type="secret_text"} | ConvertTo-Json
$headers = @{"Authorization"="Bearer $token"; "Content-Type"="application/json"}
Invoke-WebRequest -Uri "https://api.cloudflare.com/client/v4/accounts/$account/workers/scripts/$scriptName/secrets" -Method PUT -Headers $headers -Body $body | Out-Null
Write-Output "Rotated $secretName on $scriptName"
Write-Output "New value: $new"
Provenance
Cryptographic details
| id | reg_wf_rotate_secret |
| content sha256 | b365bd1e40dbdf30f509303edde39f805ed42601b2a6c1c780cd1b3bc1997c58 |
Execute via API
POST /api/execute
{ "ref": "reg_wf_rotate_secret" }
// or by hash prefix:
{ "ref": "b365bd1e40dbdf30" }
Resolves this artifact by hash — deterministic, provenance-proven. Generation cost is zero when the hash exists.