The R2 MCP Worker is configured entirely through Cloudflare Workers environment variables and platform bindings. Non-sensitive values live inDocumentation Index
Fetch the complete documentation index at: https://mintlify.com/XxYouDeaDPunKxX/cloudflare-r2-remote-mcp-worker/llms.txt
Use this file to discover all available pages before exploring further.
wrangler.jsonc under vars. Sensitive values — OAuth credentials, API tokens, and encryption keys — are stored with wrangler secret put and never appear in the repository. Local development uses .dev.vars as a flat key-value file that Wrangler injects at runtime.
wrangler.jsonc reference
Copy wrangler.example.jsonc to wrangler.jsonc and edit for your deployment. The full example:
.dev.vars reference
For local development, create .dev.vars by copying the example file:
Environment variable reference
Authentication
Controls how the Worker authenticates incoming requests.
"github"— All requests to/mcpare gated by GitHub OAuth. RequiresGITHUB_CLIENT_ID,GITHUB_CLIENT_SECRET,COOKIE_ENCRYPTION_KEY, and theOAUTH_KVbinding."none"— No authentication. Use only for local development. Never deploy withAUTH_MODE=noneon a public endpoint.
Comma-separated list of GitHub usernames permitted to access the MCP endpoint when
AUTH_MODE=github. Users who authenticate successfully via GitHub but whose login is not in this list receive a 403 response.Example: "alice,bob,carol"R2 bucket
The name of the bound R2 bucket. This must match
r2_buckets[0].bucket_name in wrangler.jsonc. Required by account tools and presign tools. Object tools use the R2_BUCKET binding directly and do not read this variable.An optional path prefix used to scope all object key operations. When set, every object key passed to the Worker is prefixed with
<R2_ROOT_PREFIX>/ before being sent to R2, and the prefix is stripped from keys returned to the client.This allows multiple Worker deployments to share a single bucket with isolated namespaces. See R2_ROOT_PREFIX scoping below for rules and examples.Transfer limits
Maximum size in bytes (default 256 KB) for object content returned inline in a tool response. Objects larger than this threshold are not returned inline — the tool response indicates the object is too large and the client should use a direct download or presigned URL instead.
Maximum size in bytes (default 1 MB) for objects transferred through the Worker during upload or download operations. Requests exceeding this limit are rejected with an error.
Maximum number of objects returned in a single
r2_object_list call. The client may request fewer, but cannot exceed this value.Feature flags
When
"true", enables read-only Cloudflare account API tools that expose bucket-level metadata and usage statistics. Requires CLOUDFLARE_ACCOUNT_ID, CLOUDFLARE_API_TOKEN, and R2_BUCKET_NAME.When
"true", enables tools that generate time-limited pre-signed S3-compatible URLs for direct R2 access. Requires R2_BUCKET_NAME, R2_ACCESS_KEY_ID, R2_SECRET_ACCESS_KEY, and optionally R2_S3_REGION and R2_S3_ENDPOINT.Account tools (optional)
Your Cloudflare account ID. Required when
ENABLE_ACCOUNT_TOOLS=true. Also used to derive the default R2_S3_ENDPOINT when presign tools are enabled and R2_S3_ENDPOINT is not explicitly set.A Cloudflare API token with read access to the R2 resources in your account. Required when
ENABLE_ACCOUNT_TOOLS=true. Use the narrowest token scope sufficient for your deployment. Must be set with wrangler secret put, not in wrangler.jsonc.Presign tools (optional)
The access key ID portion of an R2 API token with S3-compatible API access. Required when
ENABLE_PRESIGN_TOOLS=true. Generate R2 API tokens in Cloudflare Dashboard → R2 → Manage R2 API tokens. Must be set with wrangler secret put.The secret access key portion of an R2 API token. Required when
ENABLE_PRESIGN_TOOLS=true. Must be set with wrangler secret put.The S3 region string used when constructing pre-signed URLs. Cloudflare R2 uses
"auto" as the canonical region identifier. Override only if your setup requires a specific region string.The S3-compatible endpoint URL for R2. Optional — if omitted and Set this explicitly if you need to target a custom domain or a non-standard endpoint.
CLOUDFLARE_ACCOUNT_ID is set, the Worker derives it as:GitHub OAuth secrets
The Client ID from your GitHub OAuth App. Required when
AUTH_MODE=github. Must be set with wrangler secret put, not in wrangler.jsonc.The Client Secret from your GitHub OAuth App. Required when
AUTH_MODE=github. Must be set with wrangler secret put.A random, high-entropy string used to encrypt OAuth session cookies. Must be at least 32 characters. Generate with:Required when
AUTH_MODE=github. Must be set with wrangler secret put.Wrangler secrets vs. vars
Cloudflare Workers distinguishes between two kinds of runtime values:
| Kind | Where set | Visible in dashboard | Use for |
|---|---|---|---|
| Vars | wrangler.jsonc → vars | Yes (plaintext) | Non-sensitive config: feature flags, limits, bucket names |
| Secrets | wrangler secret put | No (encrypted) | OAuth credentials, API tokens, encryption keys |
R2_ROOT_PREFIX scoping
When R2_ROOT_PREFIX is set, the Worker transparently prepends the prefix to every object key before sending it to R2, and strips it from keys returned to the client. This lets multiple Worker deployments share one bucket with isolated key namespaces.
How scoping works:
- A client key of
images/photo.jpgwithR2_ROOT_PREFIX=tenant-abecomestenant-a/images/photo.jpgin R2. - List operations are automatically restricted to the prefix — the client cannot enumerate objects outside it.
- Attempts to escape the prefix (e.g. via
../) are rejected with a 403 error.