Secrets
Secrets are sensitive values that must not be committed, stored in D1 as plaintext, or written to browser storage.
| Secret | Use |
|---|---|
| ADMIN_PASSWORD | Initial admin password. The app should store a salted PBKDF2 hash in D1. |
| CLOUDFLARE_API_TOKEN | Cloudflare sync, routing checks, and rule automation. Use least privilege. |
| External account secrets | Gmail app passwords or OAuth/provider credentials referenced by external account metadata. |
Plaintext runtime variables
| Variable | Use |
|---|---|
| PRIMARY_DOMAIN | First managed email domain. This is not a secret. |
| MANAGEMENT_HOST | Custom dashboard host such as mail.example.com or dock.example.com. |
| PASSWORD_RESET_FROM | Verified sender address for reset emails, if password reset is enabled. |
| WORKER_SCRIPT_NAME | Needed by rule automation when the script name differs from defaults. |
External account credentials
The UI should collect provider metadata and secret reference names, not raw passwords. D1 stores the email account metadata, provider settings, sync state, last error, and secret reference. The actual credential value stays in Worker secrets.
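
One way to enforce the split described above, as an added example that is not the project's own code: the API rejects raw credential fields, writes only metadata plus a reference name to D1, and resolves the reference from the Worker `env` at use time. The field names (`email`, `provider`, `secret_ref`, `sync_state`, `last_error`), the `EXT_ACCOUNT_` naming prefix, and both function names are assumptions made for illustration.

```javascript
// Added example. Field names and the EXT_ACCOUNT_ prefix are assumptions,
// not the project's schema.
// Restricting references to one prefix means a D1 row can never point at
// ADMIN_PASSWORD or CLOUDFLARE_API_TOKEN.
const SECRET_REF_PATTERN = /^EXT_ACCOUNT_[A-Z0-9_]{1,48}$/;

// Keys that would carry a raw credential; the API must never accept these.
const FORBIDDEN_KEYS = ["password", "app_password", "token", "client_secret", "refresh_token"];

// Validate what the UI submits and return only the columns that may go to D1.
function toAccountRow(input) {
  for (const key of Object.keys(input)) {
    if (FORBIDDEN_KEYS.includes(key.toLowerCase())) {
      throw new Error(`raw credential field "${key}" is not accepted; send a secret reference name`);
    }
  }
  if (typeof input.secret_ref !== "string" || !SECRET_REF_PATTERN.test(input.secret_ref)) {
    throw new Error("secret_ref must be a name matching EXT_ACCOUNT_*");
  }
  return {
    email: String(input.email),
    provider: String(input.provider),
    secret_ref: input.secret_ref, // a name, never a value
    sync_state: "pending",
    last_error: null,
  };
}

// Resolve the reference from the Worker's env bindings when a sync runs.
function resolveCredential(env, row) {
  // Re-check the stored name so a tampered row cannot read other secrets.
  if (typeof row.secret_ref !== "string" || !SECRET_REF_PATTERN.test(row.secret_ref)) {
    throw new Error("stored secret_ref is not a valid external account reference");
  }
  const value = env[row.secret_ref];
  if (typeof value !== "string" || value.length === 0) {
    // Report the reference name only, never a credential value.
    throw new Error(`secret ${row.secret_ref} is not set on this Worker`);
  }
  return value;
}
```

Error messages written to the `last_error` column should carry the reference name only, as the thrown errors here do.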