This guide will describe how to use Doppler with your AWS Beanstalk deployments.
If your application is written in NodeJS, then you can take advantage of our gitops-secrets-nodejs package. You can use that to fetch your secrets from Doppler and then store them in an encrypted file with your code during the build process. On deploy, it would then decrypt the secrets and populate the application's environment with them.
This approach has an added benefit of not relying on Doppler's API being accessible at run time and if you had to scale your application up, it wouldn't be performing API requests every time your application starts (which can result in hitting API limits in some scenarios).
Currently, this package is only available for NodeJS. Detailed instructions for this method are outlined in the README for the project.
It's possible to sync your Doppler secrets to Beanstalk as environment variables. You can find an example of this approach in the following GitHub repository:
This essentially involves creating a Docker container that has the Doppler and AWS Beanstalk CLI's installed. It executes a sync script when the container runs and only needs a Doppler service token set in the container's environment to run. This can then be setup to run periodically via a third party CI-CD system or any other automation that can routinely execute a docker container.
Updated over 1 year ago