← knowledge.oriz.in

Service Bindings — future privileged-Worker split

architecture architectureapicloudflare-workersservice-bindingsfuture

Service Bindings — future privileged-Worker split

Concept

Today the umbrella Hono Worker holds everything from contact-form relay to Firestore service-account JWTs. If the privileged blast radius gets uncomfortable, Cloudflare Service Bindings let us split out a separate "auth-core" Worker that holds the secrets, with the public Worker calling it via Service Binding RPC at zero cost.

How it works

Why this shape

Today's umbrella Worker is small enough that a single deploy is fine. The risk-of-change calculus changes once external integrations multiply: a bug in the contact-form route shouldn't be one deploy away from the Razorpay signing key. Service Bindings are the no-network-hop escape hatch that lets us do the split when we want to without giving up the typed RPC pattern. It is documented now so when the split is needed, the shape is already locked.

Cross-refs