cfw
A build and deploy utility for Cloudflare Workers.
WORK IN PROGRESS
Status: Functional, but incomplete.
Credentials
There are two approaches in providing cfw
with a set of Cloudflare credentials:
Persisted
Create a ~/.cfw/config
file, where ~
is that path to your home directory. Inside, you'll store your credentials under different "profile" namespaces. (If you're familiar, this is very similar to an AWS credentials file.) An example file may look like this:
[personal]
CLOUDFLARE_AUTH_EMAIL = hello@me.com
CLOUDFLARE_ACCOUNTID = ACCOUNTID_VALUE
CLOUDFLARE_AUTH_KEY = GLOBAL_API_KEY
CLOUDFLARE_ZONEID = ZONEID_VALUE
In this case, we have a "personal" profile containing our personal account credentials. You can define multiple credential groups by repeating this template as needed, using different profile names.
[personal]
CLOUDFLARE_AUTH_EMAIL = hello@me.com
# ...
[work]
CLOUDFLARE_AUTH_EMAIL = hello@company.com
# ...
Additionally, all credential key names may be lowercased.
Default Profile
If a profile named [default]
exists, then cfw
will auto-load that credentials group when no there is no profile configured.
Selecting a Profile
You may use a profile
key inside your configuration file, or define --profile
when running an cfw
command.
Environment Variables
The same keys found within your credentials file may be used again as environment variables.
When defined, an environment variable takes priority over all other configuration avenues.
-
CLOUDFLARE_ACCOUNTID
– your account identifier; alias ofconfig.accountid
-
CLOUDFLARE_AUTH_EMAIL
– your account email address; alias ofconfig.email
-
CLOUDFLARE_AUTH_KEY
– your account's global API key; alias ofconfig.authkey
-
CLOUDFLARE_ZONEID
– your domain/zone's identifier; alias ofconfig.zoneid
-
CLOUDFLARE_TOKEN
– an API access token; alias ofconfig.token
Authentication
In order to successfull access your Cloudflare account's resources, you must satisfy the following requirements:
-
A
CLOUDFLARE_ACCOUNTID
(orconfig.accountid
) is always required. -
A valid token or key-pair; you have two options:
-
A
CLOUDFLARE_TOKEN
(orconfig.token
) containing a valid API token.
(Recommended) Preferred solution, as this API token can be narrowly scoped and can be revoked at any time. -
A valid
CLOUDFLARE_AUTH_EMAIL
andCLOUDFLARE_AUTH_KEY
combination.
This requires your Global API Key, which grants full access to all account resources.
-
-
A
CLOUDFLARE_ZONEID
is only required if you are not deploying to a*.workers.dev
subdomain (viaconfig.subdomain
).
The following profiles represent valid combinations:
[recommended]
cloudflare_accountid = da32...
cloudflare_token = 78a...
# (optional) cloudflare_zoneid = b58...
[other]
cloudflare_accountid = da32...
cloudflare_auth_email = hello@example.com
cloudflare_auth_key = 62d...
# (optional) cloudflare_zoneid = b58...
License
MIT © Luke Edwards