Cybersoulja · Cybersoulja · Apr 18, 2026 · Apr 18, 2026 · gemini-code-assist · Apr 18, 2026
diff --git a/.changeset/add-secrets-store-binding.md b/.changeset/add-secrets-store-binding.md
@@ -0,0 +1,5 @@
+---
+"r2-explorer": minor
+---
+
+Add support for Cloudflare Workers Secrets Store bindings. The `AppEnv` type now includes `SecretsStoreSecret` alongside `R2Bucket` and `Fetcher`, so workers with `[[secrets_store_secrets]]` bindings in `wrangler.toml` are fully typed. Example configuration added to the template `wrangler.toml`.
diff --git a/packages/worker/dev/wrangler.toml b/packages/worker/dev/wrangler.toml
@@ -9,3 +9,8 @@ binding = 'teste'
 bucket_name = 'teste'
 preview_bucket_name = 'teste'
 
+# [[secrets_store_secrets]]
+# binding = "MY_SECRET"
+# secret_name = "my-secret-name"
+# store_id = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+
diff --git a/packages/worker/src/types.d.ts b/packages/worker/src/types.d.ts
@@ -38,7 +38,7 @@ export type ShareMetadata = {
 
 export type AppEnv = {
 	ASSETS: Fetcher;
-	[key: string]: R2Bucket;
+	[key: string]: R2Bucket | SecretsStoreSecret | Fetcher;
 };
 export type AppVariables = {
 	config: R2ExplorerConfig;

diff --git a/packages/worker/tests/bindings.d.ts b/packages/worker/tests/bindings.d.ts
@@ -2,6 +2,7 @@ export type Env = AppEnv & {
 	ASSETS: Fetcher;
 	MY_TEST_BUCKET_1: R2Bucket;
 	MY_TEST_BUCKET_2: R2Bucket;
+	MY_SECRET: SecretsStoreSecret;
 };
 
 declare module "cloudflare:test" {

diff --git a/packages/worker/tests/integration/server.test.ts b/packages/worker/tests/integration/server.test.ts
@@ -36,6 +36,7 @@ describe("Server Endpoints", () => {
 		expect(body.buckets).not.toEqual(
 			expect.arrayContaining([
 				expect.objectContaining({ name: "NON_R2_BINDING" }),
+				expect.objectContaining({ name: "MY_SECRET" }),
 			]),
 		);
 		// Check for at least the expected buckets (test environment may create additional ones)

diff --git a/packages/worker/tests/vitest.config.mts b/packages/worker/tests/vitest.config.mts
@@ -22,6 +22,7 @@ export default defineWorkersConfig({
 					},
 					bindings: {
 						NON_R2_BINDING: { type: "var", value: "some_value" }, // For testing non-bucket bindings
+						MY_SECRET: { type: "var", value: "mock-secret-value" }, // Mock SecretsStoreSecret binding
 						// Add other global bindings if needed by the worker, e.g., KV or D1
 						// EMAIL_SENDER: { type: "send_email", ... } // if using abstract senders for emails
 					},

diff --git a/template/wrangler.toml b/template/wrangler.toml
@@ -8,3 +8,10 @@ assets = { directory = "node_modules/r2-explorer/dashboard", binding = "ASSETS",
 [[r2_buckets]]
 binding = "BUCKET"
 bucket_name = "bucket"
+
+# Bind Cloudflare Secrets Store secrets to your worker (optional).
+# Docs: https://developers.cloudflare.com/workers/runtime-apis/bindings/secrets-store/
+# [[secrets_store_secrets]]
+# binding = "MY_SECRET"
+# secret_name = "my-secret-name"
+# store_id = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"