cloudflare · RebeccaTamachiro · Sep 3, 2025 · Sep 3, 2025 · Sep 3, 2025 · Sep 3, 2025
@@ -12,7 +12,7 @@ import { CardGrid, LinkTitleCard } from "~/components";
 
 Bring your own keys (BYOK) is a feature in Cloudflare AI Gateway that allows you to securely store your AI provider API keys directly in the Cloudflare dashboard. Instead of including API keys in every request to your AI models, you can configure them once in the dashboard, and reference them in your gateway configuration.
 
-The keys are stored securely with [Secret Store](/secrets-store/) and allows for:
+The keys are stored securely with [Secrets Store](/secrets-store/) and allows for:
 
 - Secure storage and limit exposure
 - Easier key rotation
@@ -23,7 +23,7 @@ The keys are stored securely with [Secret Store](/secrets-store/) and allows for
 ### Prerequisites
 
 - Ensure your gateway is [authenticated](/ai-gateway/configuration/authentication/).
-- Ensure you have appropriate permissions to create and deploy secrets on Secret Store.
+- Ensure you have appropriate [permissions](/secrets-store/access-control/) to create and deploy secrets on Secrets Store.
 
 ### Configure API keys
 

@@ -13,14 +13,30 @@ Secrets Store allows security administrators to have more control by implementin
 While all Cloudflare accounts will have access to the Secrets Store section on the dashboard, only users with the necessary permissions will be able to interact with it, as described below.
 :::
 
-## Relevant roles for Secrets Store
+## Relevant roles
 
 Refer to the list below for default role definitions.
 
-- **Super Administrator**: Can create, edit, duplicate, delete, and view secrets metadata. Can also [add a Secrets Store binding to a Worker](/secrets-store/integrations/workers/).
-- **Secrets Store Admin**: Can create, edit, duplicate, delete, and view secrets metadata.
-- **Secrets Store Deployer**: Can view secrets metadata but cannot create, edit, duplicate, nor delete secrets. Can also [add a Secrets Store binding to a Worker](/secrets-store/integrations/workers/).
-- **Secrets Store Reporter**: Can view secrets metadata. Cannot perform any actions (create, edit, duplicate, delete secrets), nor add a Secrets Store binding to a Worker.
+#### Super Administrator
+
+- Can create, edit, duplicate, delete, and view secrets metadata.
+- Can [add a Secrets Store binding to a Worker](/secrets-store/integrations/workers/).
+- Can [create an association between a secret and an AI gateway](/ai-gateway/configuration/bring-your-own-keys/).
+
+#### Secrets Store Admin
+
+- Can create, edit, duplicate, delete, and view secrets metadata.
+
+#### Secrets Store Deployer
+
+- Can view secrets metadata but cannot create, edit, duplicate, nor delete secrets.
+- Can [add a Secrets Store binding to a Worker](/secrets-store/integrations/workers/).
+- Can [create an association between a secret and an AI gateway](/ai-gateway/configuration/bring-your-own-keys/).
+
+#### Secrets Store Reporter
+
+- Can view secrets metadata.
+- Cannot perform any actions (create, edit, duplicate, delete secrets), nor use Secrets Store integrations with other Cloudflare products.
 
 ## API token permissions
 

@@ -21,7 +21,7 @@ Encrypt and store sensitive information as secrets that are securely reusable ac
 
 Cloudflare Secrets Store is a secure, centralized location in which account-level secrets are stored and managed. The secrets are securely encrypted and stored across all [Cloudflare data centers](https://www.cloudflare.com/network/).
 
-Secrets Store is currently [compatible with Cloudflare Workers](/secrets-store/integrations/workers/). Integrations with other products will be added in the future.
+Secrets Store is currently compatible with [Cloudflare Workers](/secrets-store/integrations/workers/) and [AI Gateway](/ai-gateway/configuration/bring-your-own-keys/). Integrations with other products will be added in the future.
 
 :::note[China availability]
 Secrets Store is unavailable in the [Cloudflare China Network](/china-network/), operated by Cloudflare's partner JD Cloud.

@@ -0,0 +1,8 @@
+---
+pcx_content_type: navigation
+title: AI Gateway integration
+external_link: /ai-gateway/configuration/bring-your-own-keys/
+sidebar:
+  order: 3
+  label: AI Gateway
+---
@@ -1,12 +1,12 @@
 ---
-title: Use Secrets Store with Workers
+title: Workers integration
 pcx_content_type: tutorial
 sidebar:
   order: 1
-  label: Use with Workers
+  label: Workers
 ---
 
-import { WranglerConfig, Tabs, TabItem, APIRequest } from "~/components";
+import { WranglerConfig, Tabs, TabItem, APIRequest, DashButton } from "~/components";
 
 [Cloudflare Secrets Store](/secrets-store/) is a secure, centralized location in which account-level secrets are stored and managed. The secrets are securely encrypted and stored across all Cloudflare data centers.
 
@@ -56,8 +56,11 @@ npx wrangler secrets-store secret create <STORE_ID> --name MY_SECRET_NAME --scop
 
 </TabItem> <TabItem label="Dashboard">
 
-1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/) and select your account.
-2. Go to **Secrets Store** and select **Create secret**.
+1. In the Cloudflare dashboard, go to the **Secrets Store** page.
+
+   <DashButton url="/?to=/:account/secrets-store" />
+
+2. Select **Create secret**.
 3. Fill in the required fields, choosing _Workers_ as the **Permission scope**. Once the secret is saved, the secret value will no longer be available for viewing.
 4. (Optional) Select **Add additional secret** to create more than one secret at a time.
 5. Select **Save** to confirm.
@@ -120,8 +123,11 @@ secrets_store_secrets = [
 
 ### Via Dashboard
 
-1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/) and select your account.
-2. Go to **Workers & Pages** and select a Workers application.
+1. In the Cloudflare dashboard, go to **Workers & Pages**.
+
+   <DashButton url="/?to=/:account/workers-and-pages" />
+
+2. Select a Workers application.
 3. Go to **Settings** > **Bindings** and select **Add**.
 4. On the **Add a resource binding** side panel, choose **Secrets Store**.
 5. Fill in the required fields:

@@ -5,7 +5,7 @@ sidebar:
   order: 2
 ---
 
-import { Tabs, TabItem, APIRequest } from "~/components";
+import { Tabs, TabItem, APIRequest, DashButton } from "~/components";
 
 Refer to the sections below to learn about common actions you might want to take when managing your data in Secrets Store.
 
@@ -19,8 +19,11 @@ You must have a [Super Administrator or Secrets Store Admin role](/secrets-store
 
 <Tabs syncKey="dashPlusAPI"> <TabItem label="Dashboard">
 
-1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/) and select your account.
-2. Go to **Secrets Store** and select **Create secret**.
+1. In the Cloudflare dashboard, go to the **Secrets Store** page.
+
+   <DashButton url="/?to=/:account/secrets-store" />
+
+2. Select **Create secret**.
 3. Fill in the required fields. Note that, once the secret is saved, the secret value will no longer be available for viewing.
 4. (Optional) Select **Add additional secret** to create more than one secret at a time.
 5. Select **Save** to confirm.
@@ -58,12 +61,14 @@ Duplicate a secret to keep the same secret value but change name, scope, or comm
 
 <Tabs syncKey="dashPlusAPI"> <TabItem label="Dashboard">
 
-1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/) and select your account.
-2. Go to **Secrets Store**.
-3. Search for the secret you would like to duplicate within the existing secrets list.
-4. Select the three dots next to the secret and choose **Duplicate**.
-5. Edit the **Secret name**, **Permission scope**, or **Comment**, according to your needs.
-6. Select **Save** to confirm.
+1. In the Cloudflare dashboard, go to the **Secrets Store** page.
+
+   <DashButton url="/?to=/:account/secrets-store" />
+
+2. Search for the secret you would like to duplicate within the existing secrets list.
+3. Select the three dots next to the secret and choose **Duplicate**.
+4. Edit the **Secret name**, **Permission scope**, or **Comment**, according to your needs.
+5. Select **Save** to confirm.
 
 </TabItem> <TabItem label="API">
 
@@ -96,11 +101,13 @@ You can also edit the secret **Permission scope** and **Comment**.
 
 <Tabs syncKey="dashPlusAPI"> <TabItem label="Dashboard">
 
-1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/) and select your account.
-2. Go to **Secrets Store**.
-3. Search for the secret you would like to edit within the existing secrets list.
-4. Select the three dots next to the secret and choose **Edit**.
-5. Edit the available fields according to your needs and select **Save** to confirm.
+1. In the Cloudflare dashboard, go to the **Secrets Store** page.
+
+   <DashButton url="/?to=/:account/secrets-store" />
+
+2. Search for the secret you would like to edit within the existing secrets list.
+3. Select the three dots next to the secret and choose **Edit**.
+4. Edit the available fields according to your needs and select **Save** to confirm.
 
 </TabItem> <TabItem label="API">
 
@@ -123,16 +130,18 @@ https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/secrets_store/stores/$
 ## Delete a secret
 
 :::caution
-Before deleting a secret, make sure it is not deployed. Secrets Store secrets in use are listed in the respective [Workers application](https://dash.cloudflare.com/?to=/:account/workers-and-pages/) under **Settings** > **Bindings**.
+Before deleting a secret, make sure it is not deployed in your [Workers applications](https://dash.cloudflare.com/?to=/:account/workers-and-pages/) or [AI gateways](https://dash.cloudflare.com/?to=/:account/ai/ai-gateway).
 :::
 
 <Tabs syncKey="dashPlusAPI"> <TabItem label="Dashboard">
 
-1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/) and select your account.
-2. Go to **Secrets Store**.
-3. Search for the secret you would like to delete within the existing secrets list.
-4. Select the three dots next to the secret and choose **Delete**.
-5. Type in the secret name and select **Delete** to confirm.
+1. In the Cloudflare dashboard, go to the **Secrets Store** page.
+
+   <DashButton url="/?to=/:account/secrets-store" />
+
+2. Search for the secret you would like to delete within the existing secrets list.
+3. Select the three dots next to the secret and choose **Delete**.
+4. Type in the secret name and select **Delete** to confirm.
 
 </TabItem> <TabItem label="API">