Secrets Handling Policy
Policy
- No secrets, API keys, or tokens in this repository or in Docker images.
- Local development uses mocked data or environment variables loaded at runtime.
- Cloudflare Pages secrets (if required) must be scoped to individual projects.
Storage Options
| Scenario | Recommended Store |
|---|---|
| Cloudflare Pages build secrets | Cloudflare Pages project settings |
| Worker runtime secrets (future) | wrangler secret put |
| Local overrides | .env.local ignored by git |
Handling Steps
- Request secrets through the security team; track approvals in the platform ticketing system.
- Store secrets in the approved platform store; never send via email or chat.
- Update this policy when new services are onboarded or storage mechanisms change.
Verification
- Periodic scans (git-secrets or equivalent) before release.
- Manual reviews of Cloudflare configuration during quarterly security checks.