cfw
A build and deploy utility for Cloudflare Workers.
WORK IN PROGRESS
Status: Functional, but incomplete.
Credentials
There are two approaches in providing cfw
with a set of Cloudflare credentials:
Persisted
Create a ~/.cfw/config
file, where ~
is that path to your home directory. Inside, you'll store your credentials under different "profile" namespaces. (If you're familiar, this is very similar to an AWS credentials file.) An example file may look like this:
[personal]
CLOUDFLARE_AUTH_EMAIL = [email protected]
CLOUDFLARE_ACCOUNTID = ACCOUNTID_VALUE
CLOUDFLARE_AUTH_KEY = GLOBAL_API_KEY
CLOUDFLARE_ZONEID = ZONEID_VALUE
In this case, we have a "personal" profile containing our personal account credentials. You can define multiple credential groups by repeating this template as needed, using different profile names.
[personal]
CLOUDFLARE_AUTH_EMAIL = [email protected]
# ...
[work]
CLOUDFLARE_AUTH_EMAIL = [email protected]
# ...
Additionally, all credential key names may be lowercased.
Default Profile
If a profile named [default]
exists, then cfw
will auto-load that credentials group when no there is no profile configured.
Selecting a Profile
You may use a profile
key inside your configuration file, or define --profile
when running an cfw
command.
Environment Variables
The same keys found within your credentials file may be used again as environment variables.
When defined, an environment variable takes priority over all other configuration avenues.
CLOUDFLARE_ACCOUNTID
โ your account identifier; alias ofconfig.accountid
CLOUDFLARE_AUTH_EMAIL
โ your account email address; alias ofconfig.email
CLOUDFLARE_AUTH_KEY
โย your account's global API key; alias ofconfig.authkey
CLOUDFLARE_ZONEID
โย your domain/zone's identifier; alias ofconfig.zoneid
CLOUDFLARE_TOKEN
โย an API access token; alias ofconfig.token
Authentication
In order to successfull access your Cloudflare account's resources, you must satisfy the following requirements:
-
A
CLOUDFLARE_ACCOUNTID
(orconfig.accountid
) is always required. -
A valid token or key-pair; you have two options:
-
A
CLOUDFLARE_TOKEN
(orconfig.token
) containing a valid API token.
(Recommended) Preferred solution, as this API token can be narrowly scoped and can be revoked at any time. -
A valid
CLOUDFLARE_AUTH_EMAIL
andCLOUDFLARE_AUTH_KEY
combination.
This requires your Global API Key, which grants full access to all account resources.
-
-
A
CLOUDFLARE_ZONEID
is only required if you are not deploying to a*.workers.dev
subdomain (viaconfig.subdomain
).
The following profiles represent valid combinations:
[recommended]
cloudflare_accountid = da32...
cloudflare_token = 78a...
# (optional) cloudflare_zoneid = b58...
[other]
cloudflare_accountid = da32...
cloudflare_auth_email = [email protected]
cloudflare_auth_key = 62d...
# (optional) cloudflare_zoneid = b58...
License
MIT ยฉ Luke Edwards