# Step 1: Clone the starter project

## Set the foundation with a ready-to-use project built for secure configuration workflows.

To focus on the secrets management workflow, you'll use a sample Worker that's designed to verify your secrets configuration. Start by cloning the repository:

```plaintext
1# Language - bash
2git clone https://github.com/asaoluelijah/cloudflare-workers-demo.git
3cd cloudflare-workers-demo
4npm install
```

The project contains a Worker with a /secrets endpoint that reports which secrets are configured without revealing their actual values. This makes it easy to verify that your integration is working at each step.

Here's the relevant code from src/index.js:

```javascript
1function status(value) {
2  return value ? 'configured' : 'missing';
3}
4
5export default {
6  async fetch(request, env) {
7    const url = new URL(request.url);
8
9    if (url.pathname === '/secrets') {
10      return json({
11        environment: env.ENVIRONMENT || 'unknown',
12
13        secrets: {
14          API_KEY_PUBLIC: status(env.API_KEY_PUBLIC),
15          API_KEY_PRIVATE: status(env.API_KEY_PRIVATE),
16          WEBHOOK_SIGNING_SECRET: status(env.WEBHOOK_SIGNING_SECRET),
17          INTERNAL_SERVICE_TOKEN: status(env.INTERNAL_SERVICE_TOKEN),
18          SENTRY_DSN: env.SENTRY_DSN ? 'enabled' : 'disabled',
19          FEATURE_FLAG_SECRET: status(env.FEATURE_FLAG_SECRET),
20        },
21
22        rotation: {
23          version: env.ROTATION_VERSION || 'not set',
24          last_checked: new Date().toISOString(),
25        },
26      });
27    }
28
29    return json({ error: 'Not found' }, { status: 404 });
30  },
31};
```

The Worker checks for nine different secrets representing common patterns in production applications, including API keys (both public and private), webhook signing secrets for verifying incoming requests, service tokens for internal authentication, error tracking DSNs, and a rotation version identifier for verifying that updates have propagated.

Throughout this tutorial, you'll use this project to pull secrets from Doppler for local development, sync them to Cloudflare for production, automate deployments with GitHub Actions, and practice rotating credentials without downtime.
