Summary

The new secrets configuration property (secrets.required) lets you declare the secret names a Worker needs in your wrangler.toml / wrangler.jsonc. Wrangler uses that list for local development, type generation, and deploy-time validation so missing secrets are caught earlier and CI-friendly typing works without env files.

Key Points

• Configure required secrets in your Wrangler config:

  JSON example:

  {
    "secrets": { "required": ["API_KEY", "DB_PASSWORD"] }
  }
  

  TOML example:

  [secrets]
  required = ["API_KEY", "DB_PASSWORD"]
  

• Local development: wrangler dev and vite dev will load only keys listed in secrets.required from .dev.vars / .env / process.env. Extra keys are ignored. Missing required secrets produce a logged warning listing names.

• Type generation: wrangler types generates typed secret bindings from secrets.required (not inferred from env files), enabling safe typegen in CI. Per-environment secrets become optional in the aggregated Env type if they only exist for some environments.

• Deploy validation: wrangler deploy and wrangler versions validate that each name in secrets.required is configured for the Worker and will fail with an error listing any missing secrets.

Recommended actions

• Add all required secret names to secrets.required in your Wrangler config.
• Ensure those secrets are set in your Cloudflare Worker environments (or in local .dev.vars for development).
• Run wrangler types in CI to produce consistent typed bindings without relying on env files.