feat(workers): Add optional ID when resolving secrets (#881)

hemalshah-gradientedge · web-flow · commit 1d10ef9dd140 · 2025-08-04T11:42:54.000+03:00
diff --git a/src/lib/cloudflare/construct/worker-site/main.ts b/src/lib/cloudflare/construct/worker-site/main.ts
@@ -96,6 +96,7 @@ export class CloudflareWorkerSite extends CommonCloudflareConstruct {
   protected createWorkerDomain() {
     this.workerManager.createWorkerDomain(`${this.id}-worker-domain`, this, {
       ...this.props.siteWorkerDomain,
+      environment: this.props.siteWorkerDomain.environment ?? 'production',
       hostname: `${this.props.siteSubDomain}.${this.props.domainName}`,
       service: this.siteWorkerScript.scriptName,
     })
@@ -107,15 +108,21 @@ export class CloudflareWorkerSite extends CommonCloudflareConstruct {
    * @param secretKey the secret key
    * @returns the secret value
    */
-  protected resolveSecretFromAWS(secretName: string, secretKey: string) {
+  protected resolveSecretFromAWS(secretName: string, secretKey: string, id?: string) {
     if (!this.awsProvider) {
       throw new Error(`Unable to resolve secret:${secretKey}. AWS provider not found`)
     }
-    const secret = new DataAwsSecretsmanagerSecret(this, `${this.id}-${secretName}-${secretKey}`, { name: secretName })
-    const secretVersion = new DataAwsSecretsmanagerSecretVersion(this, `${this.id}-${secretName}-${secretKey}-ver`, {
-      provider: this.awsProvider,
-      secretId: secret.id,
+    const secret = new DataAwsSecretsmanagerSecret(this, id ?? `${this.id}-${secretName}-${secretKey}`, {
+      name: secretName,
     })
+    const secretVersion = new DataAwsSecretsmanagerSecretVersion(
+      this,
+      id ? `${id}-ver` : `${this.id}-${secretName}-${secretKey}-ver`,
+      {
+        provider: this.awsProvider,
+        secretId: secret.id,
+      }
+    )
     if (!secretVersion) throw new Error(`Unable to resolve secret:${secretName}`)
     return Fn.lookup(Fn.jsondecode(secretVersion.secretString), secretKey)
   }
@@ -128,13 +135,13 @@ export class CloudflareWorkerSite extends CommonCloudflareConstruct {
    * @param secretKey the secret key
    * @returns the secret value
    */
-  protected resolveSecretFromAzure(resourceGroupName: string, keyVaultName: string, secretKey: string) {
+  protected resolveSecretFromAzure(resourceGroupName: string, keyVaultName: string, secretKey: string, id?: string) {
     if (!this.azurermProvider) {
       throw new Error(`Unable to resolve secret:${secretKey}. Azurerm provider not found`)
     }
     const keyVaultData = new DataAzurermKeyVault(
       this,
-      `${this.id}-${resourceGroupName}-${keyVaultName}-${secretKey}-vault`,
+      id ? `${id}-vault` : `${this.id}-${resourceGroupName}-${keyVaultName}-${secretKey}-vault`,
       {
         resourceGroupName: resourceGroupName,
         name: keyVaultName,
@@ -143,7 +150,7 @@ export class CloudflareWorkerSite extends CommonCloudflareConstruct {
     )
     const secretValueData = new DataAzurermKeyVaultSecret(
       this,
-      `${this.id}-${resourceGroupName}-${keyVaultName}-${secretKey}-secret`,
+      id ? `${id}-secret` : `${this.id}-${resourceGroupName}-${keyVaultName}-${secretKey}-secret`,
       {
         name: secretKey,
         keyVaultId: keyVaultData.id,
