We are here to help you get from zero to one fast.

Get Started    Discussions

Doppler CLI Guide

reading time 3 mins


The Doppler CLI provides a consistent experience between developing locally and production. It is a lightweight binary that comes provided in a number of package managers and Docker images. Check out the Doppler CLI repository on GitHub!

brew install dopplerhq/cli/doppler
# Add Doppler's scoop repo
scoop bucket add doppler

# Install latest doppler cli
scoop install doppler
# this installation method does not use a package manager and is only recommended for ephemeral environments (e.g. CI jobs)
# supports Linux, BSD, and macOS
(curl -Ls || wget -qO- | sh
# All tags:
#   - Alpine: dopplerhq/cli:3
#   - Node: dopplerhq/cli:3-node
#   - Python: dopplerhq/cli:3-python
#   - Ruby: dopplerhq/cli:3-ruby
FROM dopplerhq/cli:3
# Add Bintray's GPG key
sudo apt-key adv --keyserver --recv-keys 379CE192D401AB61

# Add Doppler's apt repo
echo "deb stable main" | sudo tee /etc/apt/sources.list.d/dopplerhq-doppler.list

# Update packages and install latest doppler cli
sudo apt-get update && sudo apt-get install doppler
# Add Doppler's yum repo
sudo wget -O /etc/yum.repos.d/bintray-dopplerhq-doppler.repo

# Update packages and install latest doppler cli
sudo yum update && sudo yum install doppler

Now let's verify the Doppler CLI was installed correctly.

doppler --version


The Doppler CLI requires an API key for authentication. Access can be granted via the login flow for local development OR by using a service token. Service tokens should be used when running your service on a cloud provider (Azure, AWS, GCP, etc).

doppler login
doppler configure set token <SERVICE TOKEN>
# OR
# Auto-configure your Enclave project and config
doppler setup --token=<SERVICE TOKEN> --no-prompt

Authenticating multiple workplaces

The Doppler CLI supports multiple workplaces by allowing you to scope your login to a specific directory. Any applications inside your chosen directory (or its sub-directories) will automatically use the correct API key.

# authenticate your company's workplace
doppler login --scope ~/boring-apps/

# authenticate your side project's workplace
doppler login --scope ~/exciting-ideas/

Run your application

Whether developing locally or in prod, your can run your app via the doppler run command. This will execute your app with your latest secrets injected into the environment. It will use your current shell.

doppler run -- printenv DOPPLER_CONFIG

Running aliased commands

Running aliased commands is currently not supported. To use an alias, source your aliases file before executing your app.

doppler run --command="source ~/.bash_aliases && my_aliased_command"

Running an alternative shell

When using the --command flag, the Doppler CLI will determine what shell to use based on the SHELL environment variable. The CLI currently supports sh, bash, zsh, dash, fish, ksh, tcsh, and csh. If you are using an alternative shell, the CLI will fall back to sh. You can manually specify your preferred shell.

# e.g. use zsh2
doppler run -- zsh2 -c "printenv DOPPLER_CONFIG"


The Doppler CLI supports updating itself via the doppler update command. This is currently only supported for installs completed via Brew, and will automatically update you to the latest version.

List of Commands

The official Doppler CLI

  doppler [flags]
  doppler [command]

Available Commands:
  activity     Get workplace activity logs
  configs      Manage configs
  configure    View the config file
  environments Manage environments
  feedback     Provide feedback about the Doppler CLI
  help         Help about any command
  login        Authenticate to Doppler
  logout       Log out of the CLI
  open         open a web page in your browser
  projects     Manage projects
  run          Run a command with secrets injected into the environment
  secrets      Manage secrets
  settings     Get workplace settings
  setup        Setup the Doppler CLI for managing secrets
  update       update the Doppler CLI

      --api-host string         The host address for the Doppler API (default "")
      --configuration string    config file (default "/Users/thomas/.doppler/.doppler.yaml")
      --dashboard-host string   The host address for the Doppler Dashboard (default "")
      --debug                   output additional information
  -h, --help                    help for doppler
      --json                    output json
      --no-read-env             do not read config from the environment
      --no-timeout              disable http timeout
      --no-update               disable checking for Doppler CLI updates
      --no-verify-tls           do not verify the validity of TLS certificates on HTTP requests (not recommended)
      --print-config            output active configuration
      --scope string            the directory to scope your config to (default ".")
      --silent                  disable output of info messages
      --timeout duration        max http request duration (default 10s)
  -t, --token string            doppler token
  -v, --version                 Get the version of the Doppler CLI

Use "doppler [command] --help" for more information about a command.

Updated 2 days ago

Doppler CLI Guide

reading time 3 mins

Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.