Managing secrets—API keys, database credentials, tokens—across various environments is a persistent challenge in modern DevOps workflows. Doppler CLI offers a centralised solution, enabling developers and security teams to handle secrets efficiently across development, CI/CD pipelines, and production systems.
What is Doppler CLI?
Doppler CLI is the official command-line interface for interacting with the Doppler secrets management platform. It allows users to manage secrets, projects, and environments, ensuring that sensitive information is handled securely and consistently across all development and deployment stages.
Key Features
- Unified Secrets Management: Centralise environment variables and secrets across projects and environments.
- Seamless Integration: Integrate with CI/CD tools, including GitHub Actions, to inject secrets securely during builds and deployments.
- Access Control: Implement granular access controls to ensure only authorised personnel can access specific secrets.
- Audit Logging: Maintain detailed logs of secret access and modifications for compliance and auditing purposes.
Installation
macOS (using Homebrew)
brew install dopplerhq/cli/doppler doppler --version |
Windows (using Winget)
winget install doppler doppler --version |
Linux (using Shell Script)
$ (curl -Ls --tlsv1.2 --proto "=https" --retry 3 https://cli.doppler.com/install.sh || wget -t 3 -qO- https://cli.doppler.com/install.sh) | sh |
By default, doppler login scopes the auth token to the root directory (--scope=/). This means that the token will be accessible to projects using the Doppler CLI in any subdirectory. To limit this, specify the scope flag during login: doppler login --scope=./ or doppler login --scope ~/projects/backend.
Setup (i.e. doppler setup) scopes the selected project and config to the current directory (--scope=./). You can also modify this scope with the scope flag. Run doppler help for more information.
For other installation methods and detailed instructions, refer to the Doppler CLI Installation Guide
Integration with GitHub Actions
Doppler CLI can be integrated into GitHub Actions workflows to manage secrets during CI/CD processes.
Example Workflow:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 |
name: Deploy on: push: branches: - main jobs: deploy: runs-on: ubuntu-latest steps: - name: Checkout Code uses: actions/checkout@v2 - name: Install Doppler CLI uses: dopplerhq/cli-action@v3 - name: Inject Secrets run: doppler run -- your-deployment-command env: DOPPLER_TOKEN: ${{ secrets.DOPPLER_TOKEN }} |
Conclusion
Doppler CLI provides a robust and secure method for managing secrets across various environments. Its seamless integration with development tools and CI/CD pipelines simplifies secret management, enhances security, and supports compliance efforts.
You can download Doppler or read more here: https://github.com/DopplerHQ/cli