Set a production secret interactively

secrets & env vars

// what it does

Prompts you (hidden input) for the value, encrypts it, and binds it to the Worker so it's available on `env.API_KEY` at runtime. This is the everyday way to store an API key, DB password, or Hyperdrive credential that must never live in your repo or config file. Setting a secret creates a new deployed version of the Worker.

// shell

$ wrangler secret put API_KEY

// gotcha

Secrets are write-only — you can never read the value back, only see the name via `wrangler secret list`. With no `--env`, it targets the top-level Worker, which is a different secret store from any named environment.