Step 4: Cloudflare local development with Doppler
Develop locally without hardcoding secrets or exposing sensitive data.
Once your secrets are set up in the Doppler dashboard, ensure you’re signed in to the Doppler CLI and inside your cloned sample project folder. Then run:
1# Language - bash
2doppler setup --project cloudflare-workers-demo --config dev
This command links your project to Doppler and sets the dev environment as the default for all Doppler commands run in this directory.
Before deploying your application to production, you'll want to test locally. Cloudflare Workers present a unique challenge here. Unlike traditional Node.js applications that read secrets from process.env, Cloudflare Workers receive secrets through the env object passed to the fetch handler. This means tools like dotenv don't work out of the box.
Wrangler solves this with a .dev.vars file. During local development, Wrangler reads this file and injects the values into the env object. Instead of manually maintaining this file, you can generate it directly from Doppler by running the following command:
1# Language - bash
2doppler secrets download --no-file --format env-no-quotes > .dev.vars
This command pulls all secrets from your current configuration(dev) and writes them in the format that Wrangler expects.
Now start the local development server:
1# Language - bash
2npx wrangler dev
You should see output indicating that Wrangler found and loaded your .dev.vars file:
Open http://localhost:8787/secrets in your browser, and you should see all secrets reporting as "configured":
1{
2 "environment": "development",
3 "secrets": {
4 "API_KEY_PUBLIC": "configured",
5 "API_KEY_PRIVATE": "configured",
6 "WEBHOOK_SIGNING_SECRET": "configured",
7 "INTERNAL_SERVICE_TOKEN": "configured",
8 "SENTRY_DSN": "enabled",
9 "FEATURE_FLAG_SECRET": "configured"
10 },
11 "rotation": {
12 "version": "v1",
13 "last_checked": "2026-02-06T14:56:35.983Z"
14 }
15}
Your local development environment is now pulling secrets from Doppler. Any team member with access to the Doppler project can generate the same .dev.vars file and get identical results. No more sharing secrets over Slack, no more stale .env files copied weeks ago, and no more debugging issues that turn out to be mismatched credentials.
Switching environments locally
To test with staging or production secrets locally, regenerate the .dev.vars file with a different configuration:
1# Language - bash
2doppler secrets download --no-file --format env-no-quotes --config stg > .dev.vars
3npx wrangler dev
Now your local Worker runs with staging secrets.