Changelog

March 2026

about 1 month ago

Added Azure Service Principal Rotated Secrets and Dynamic Secrets. You can now configure Azure Service Principal client secret rotation and dynamic credential generation via a managing Service Principal.
Added a "View all secrets" option in global search for quickly finding secrets across all projects from the search bar.
Launched the new integration connection management experience for all users, replacing the legacy integration management UI.
Added support for non-US Twilio regions.
Activity Log entries for project renames now include both old and new project names.
Fixed a bug with the BitBucket integration.
Fixed a bug where the List Permissions API endpoint for workplace roles was returning duplicate permissions.
Fixed a bug where not all repo environments were shown in the GitHub Actions environment selector for repos with more than 1,000 environments.
Fixed secrets temporarily disappearing in the dashboard after changing the visibility type.
Fixed a bug preventing sync and notification failures from retrying.

2 months ago

Enabled CLI token creation from the MCP server, allowing developers to authenticate directly from MCP-powered tools.
Added MCP server indicator to Activity Logs and Config Logs, showing when actions were taken using the Doppler MCP server.
Fixed empty secret values in AWS Secrets Manager multi-secret syncs being stored as empty strings. Empty values are now deleted instead.
Improved reliability of OIDC authentication.

3 months ago

Removed the 64KiB config size limit when using the multi-secret sync strategy in AWS Secrets Manager.
Fixed the MS Teams webhook URL validation.
Fixed clipping of the "Refer a Friend" tooltip.
Added AWS sync support for regions ap-east-2 and ap-southeast-6.

4 months ago

Added Change Requests management endpoints to the v3 API, enabling programmatic creation, review, and approval of change requests.
Redesigned the Config Syncs and Project Syncs pages with a refreshed layout and the ability to filter integrations by connection status and sync status.
Added support for MS Teams webhooks via the new Power Automate URL format.
Added new AP2 region for DataDog log forwarding.
Activity Log event payloads for project-related actions now include the project description.
Doppler CLI 3.75.2 is now live. View the updates here and stay up to date.

5 months ago

GitLab sync now supports custom URLs for self-hosted instances. You can provide an optional instance URL when setting up a GitLab integration connection.
Integration connections can now be reconnected at any time to update credentials, not just when the connection has been disabled.
Added a permissions boundary field to the AWS IAM user connection form, allowing you to specify a permissions boundary policy during setup.
Added missing AWS regions to integration options.
Added tooltip error for disabled syncs when AWS Parameter Store returns a "TooManyUpdates" error.
Permissions boundary is now preserved for backward compatibility when connecting or reconnecting AWS IAM integrations.
Updated SAML login to redirect users back to their original page after reauthentication (e.g., back to the CLI login page).

6 months ago

Added service account identity management to the v3 API.
Added additional principal metadata to the /me API endpoint, providing more detail about the access token's associated principal.
Added support for Bitbucket repo-scoped variable syncing.
Improved error messaging around rotated secrets.
Excluded invalid preview branches from Vercel sync creation.

7 months ago

Added OIDC support for Kubernetes.
Added support for syncing unmasked secrets as GitHub Actions Variables. To enable for an existing sync, delete the sync (choosing "Leave secrets in GitHub") and recreate with the new "Sync unmasked secrets as variables" option.
Added Render integration support for selecting services by project, also fixing timeout issues for accounts with a large number of services.
Added a "Re-Sync All" button to integration detail and list pages, allowing you to re-sync all syncs within a connection at once.
Added a source field to SIEM log forwarding payloads to make it easier to identify Doppler logs.
Added support for the HASURA_GRAPHQL_ENABLED_LOG_TYPES secret in the Hasura Cloud integration.
Increased Railway request timeout to improve sync stability.
Fixed a Render integration form issue when multiple projects exist.

8 months ago

Added a "Compare Config" menu option for easily comparing configurations side by side.
SAML SSO now properly accepts pending invites when registering, applying the correct permissions from the invitation.
GitLab project dropdown in sync setup now displays the namespace name alongside the project name to disambiguate projects with the same name across different groups.
Added support for using Deno Deploy org access tokens when creating integration connections

9 months ago

Added CRUD and manual rotation support for rotated secrets via the API.
Added support for AWS MS SQL rotated secrets.
Added API support for managing a group's workplace role.
API v3 now exposes config sync status.
Added advancedParameter flag to AWS Parameter Store syncs.
Updated the dotnet-json name transformer to translate ___ to ., enabling more complex .NET name transformations.
Improved project list page performance.
Users who lack team management permissions can now leave their workplace.
Added overflow scrolling to the config access page for service tokens.
Fixed a bug in the Postman integration that caused timeouts when a user had a large number of workspaces.
Fixed an issue where Railway sync was causing unintended additional service redeploys.
Fixed GitLab project variables being initialized as "masked and hidden."
Fixed reconnection of GCP CloudSQL rotated secrets.
Fixed API v3 error on the integrations route.
Fixed table rendering issue on narrow browsers.
Fixed popovers being cut off inside modals.
Fixed text wrapping on the edit inheritance drawer.
Long environment names are now truncated in the dashboard.
Fixed a bug when deleting a workplace.

10 months ago

Rotated secrets are now automatically disabled when a workplace downgrades to a plan that doesn't include the feature, preventing processing errors.
Added sync failure status indicators to config breadcrumbs and the config syncs page for better visibility into sync health.
Updated the GitHub Actions sync to respect the 1,000 secret limit when syncing to organization secrets.
Added the ability to manage Integration Access Scoping from User, Group, and Service Account pages.
Doppler's CLI v3.75.1 has been released. Update now to stay up to date.
Fixed incorrect rendering of overridden inherited secrets.