TOTP Enrollment
Generates a new shared secret for the parks app and your Cloudflare Pages Worker. Scan the QR with any TOTP app (Google Authenticator, Authy, 1Password, Bitwarden), copy the secret into both places, and verify it works before you commit.
- Tap Generate new secret above.
- Scan the QR with your authenticator app.
- Type the 6-digit code into Verify to confirm enrollment worked.
- Copy the secret. Paste it into:
- The Cloudflare Pages dashboard → Settings → Variables and secrets → encrypted variable
TOTP_SECRET. Re-deploy the project. - The parks app's GIS Layers menu → TOTP shared secret field → Save.
- The Cloudflare Pages dashboard → Settings → Variables and secrets → encrypted variable
- From now on, the app sends a fresh code on every protected API call.
Generating a new secret invalidates the old one. If you've
already enrolled, only run this when you actually want to rotate. The
secret is generated locally in your browser; no one else (including the
server you fetched this page from) ever sees it.