Environment Variables The Sistema de Gestión de Propiedades API uses environment variables to configure authentication credentials and other settings.
Required Variables The API requires these environment variables:
Variable Purpose Example ADMIN_USERAdministrator username for Basic Auth adminADMIN_PASSAdministrator password for Basic Auth secretpassword123DBD1 database binding (auto-configured) -
Authentication Variables ADMIN_USER The username for HTTP Basic Authentication on protected endpoints.
Used by: Backend/src/middlewares/auth.ts:7export const adminAuthMiddleware = async ( c : Context , next : Next ) => { const auth = basicAuth ({ username: c . env . ADMIN_USER , // <-- Environment variable password: c . env . ADMIN_PASS , }) return auth ( c , next ) }
Protected endpoints:
POST /api/propiedades - Create propertyPATCH /api/propiedades/{id} - Update propertyDELETE /api/propiedades/{id} - Delete property
ADMIN_PASS The password for HTTP Basic Authentication.
Security notes:
Never commit this to version control
Use a strong, unique password
Rotate regularly
Store as a Wrangler secret (encrypted)
Setting Variables Local Development For local development with wrangler dev, create a .dev.vars file:
# .dev.vars ADMIN_USER = admin ADMIN_PASS = dev-password-123
Add .dev.vars to your .gitignore to prevent committing credentials.
.gitignore: Production (Wrangler Secrets) For production, use Wrangler secrets (encrypted and never visible):
Set ADMIN_USER secret
wrangler secret put ADMIN_USER
When prompted, enter your admin username: Enter a secret value: admin
Set ADMIN_PASS secret
wrangler secret put ADMIN_PASS
When prompted, enter a strong password: Enter a secret value: your-secure-password-here
Verify secrets are set
Output: [ { "name": "ADMIN_USER", "type": "secret_text" }, { "name": "ADMIN_PASS", "type": "secret_text" } ]
Secrets are encrypted and never displayed. You can only overwrite or delete them.
Alternative: wrangler.toml (Not Recommended) You can set variables in wrangler.toml, but only use this for non-sensitive values :
# wrangler.toml [ vars ] ADMIN_USER = "admin" # OK for username # NEVER put passwords here
Never store passwords in wrangler.toml. Always use secrets for sensitive data.
Accessing Variables in Code Variables are accessed through the context’s env object:
import { Context } from 'hono' ; export const someHandler = async ( c : Context ) => { // Access environment variables const username = c . env . ADMIN_USER ; const password = c . env . ADMIN_PASS ; // Access D1 database binding const db = c . env . DB ; // Use them const result = await db . prepare ( 'SELECT * FROM propiedades' ). all (); };
D1 Database Binding The DB binding is configured in wrangler.toml:
[[ d1_databases ]] binding = "DB" # <-- This becomes c.env.DB database_name = "propiedades-db" database_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
This binding gives your Worker access to the D1 database:
// Access the database const { results } = await c . env . DB . prepare ( 'SELECT * FROM propiedades' ). all ();
Environment-Specific Configuration Multiple Environments Configure separate environments for staging and production:
# wrangler.toml # Staging environment [ env . staging ] name = "inmobiliaria-api-staging" [[ env . staging . d1_databases ]] binding = "DB" database_name = "propiedades-staging" database_id = "staging-db-id" # Production environment [ env . production ] name = "inmobiliaria-api-production" [[ env . production . d1_databases ]] binding = "DB" database_name = "propiedades-production" database_id = "production-db-id"
Set Secrets per Environment # Staging secrets wrangler secret put ADMIN_USER --env staging wrangler secret put ADMIN_PASS --env staging # Production secrets wrangler secret put ADMIN_USER --env production wrangler secret put ADMIN_PASS --env production
Deploy to Specific Environment # Deploy to staging wrangler deploy --env staging # Deploy to production wrangler deploy --env production
Managing Secrets List Secrets Update a Secret wrangler secret put ADMIN_PASS # Enter new password
Delete a Secret wrangler secret delete ADMIN_PASS
Deleting a secret will cause authentication to fail until you set a new one.
Security Best Practices
Use strong passwords
Generate secure passwords: # On Linux/Mac openssl rand -base64 32 # Example output K7gNU3sdo+OL0wNhqoVWhr3g6s1xYv72ol/pe/Unols =
Rotate credentials regularly
Update secrets periodically: wrangler secret put ADMIN_PASS
Use different credentials per environment
Don’t reuse staging credentials in production.
Never commit credentials
Add to .gitignore: .dev.vars wrangler.toml # If it contains secrets
Limit access to secrets
Only trusted team members should have access to production secrets.
Verifying Configuration Test Locally
Test authentication
curl -u admin:dev-password-123 http://localhost:8787/api/auth/verify
Should return: { "authenticated" : true , "user" : "admin" }
Test Production
Test authentication
curl -u admin:your-production-password \ https://your-worker.workers.dev/api/auth/verify
TypeScript Types Generate TypeScript types for your environment bindings:
This creates type definitions based on your wrangler.toml:
// Generated types interface CloudflareBindings { ADMIN_USER : string ; ADMIN_PASS : string ; DB : D1Database ; }
Troubleshooting
401 Unauthorized after deployment
Cause: Secrets not set or incorrectSolution: # Verify secrets are set wrangler secret list # If missing, add them wrangler secret put ADMIN_USER wrangler secret put ADMIN_PASS
Cause: D1 binding not configuredSolution: Check wrangler.toml:[[ d1_databases ]] binding = "DB" database_name = "propiedades-db" database_id = "your-database-id"
Local dev works but production fails
Cause: Secrets not set in productionSolution: .dev.vars only works locally. Set secrets for production:wrangler secret put ADMIN_USER wrangler secret put ADMIN_PASS
This is normal. Secrets are encrypted and never displayed. You can only overwrite them:wrangler secret put ADMIN_PASS
Environment Variable Checklist Before deploying:
Next Steps
Cloudflare Workers Complete deployment guide
Database Setup Configure the D1 database
Authentication Learn about the auth system
Quickstart Start using the deployed API