Skip to main content

Docs Web Secrets And Environments

Docs web v0 should not require secrets to build locally.

Local And CI Build

These commands require no Cloudflare credentials:

pnpm verify:docs-site
pnpm verify:ui-storybook-build

Cloudflare Credentials

Credentials may be required only for direct upload or account automation:

  • CLOUDFLARE_API_TOKEN
  • CLOUDFLARE_ACCOUNT_ID

Store these in Cloudflare, GitHub environment secrets, or an operator shell. Do not commit them to the repository.

Forbidden Locations

Do not put secrets in:

  • apps/docs/docusaurus.config.ts
  • apps/docs/static/_headers
  • .docs/**/*.md
  • Storybook globals or fixtures
  • .env files committed to git
  • generated diagnostics or reports

Public Values

These are public configuration values, not secrets:

  • docs.mayadev.cloud
  • storybook.mayadev.cloud
  • Cloudflare Pages project names
  • build commands
  • output directories

Review Rule

Any future deploy automation that introduces credentials must update this document, SECURITY.md if reporting scope changes, and .docs/security/supply-chain.md if dependency or workflow policy changes.