Cloudflare Tokens
Doppler can rotate between two Cloudflare tokens, which gives you zero-downtime rotation.
Requirements
- Understand the Doppler rotation methodology
- Cloudflare Account
- Ability to create Cloudflare tokens
Overview
Setting up Cloudflare token rotation consists of creating three tokens:
- A token to facilitate rotation - the managing user key
- Two identical tokens to rotate between, which ensures zero downtime
Managing User Key Creation
- Navigate to the Doppler config you would like to add the rotated secret to
- Click the dropdown next to Add Secret and select Add Rotated Secret
- In the modal, select Cloudflare in the SaaS section
- Name the integration
- In a new browser tab, navigate to the tokens section in your Cloudflare dashboard
- Select Create Token
- Next to Create Additional Tokens, select Use Template
- Ensure the API Tokens permission is set to Edit
- Select Continue to Summary.
- Create the token
- Copy the token and return to the Doppler tab. Enter the token in the Managing Key input.
Do not enter, save, or paste the token anywhere else. It should only live in Doppler.
Rotated Keys
- Provide a descriptive Rotated Secret Name. The rotated secret name will prefix the individual secret values that are injected into your config.
- Interval is the cadence at which the secret is rotated
- Create two new Cloudflare tokens with identical permissions and provide their token values. Be sure to give these tokens different names in Cloudflare so they are easy to identify. Doppler will rotate them according to your selected interval.
- Select Next to create the Cloudflare rotated secret
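Zero-downtime rotation depends on the two rotated tokens really having identical permissions, so it is worth checking the pair before handing it to Doppler. The following is an added example, not Doppler's or Cloudflare's own code: it compares two token objects assumed to follow the shape of Cloudflare's token details response (name, status, policies, optional condition). The sample tokens, ids and resource keys are constructed placeholders, and parity_problems and make_token are hypothetical helper names.

```python
import json

def permission_fingerprint(token):
    """Reduce a token to the fields that decide what it is allowed to do."""
    policies = {
        (p["effect"],
         json.dumps(p["resources"], sort_keys=True),
         tuple(sorted(g["id"] for g in p["permission_groups"])))
        for p in token.get("policies", [])
    }
    # "condition" carries request restrictions (for example IP filtering) when set.
    return policies, json.dumps(token.get("condition"), sort_keys=True)

def parity_problems(a, b):
    """Return the reasons this pair is unsafe to rotate between (empty = OK)."""
    problems = []
    if a["name"] == b["name"]:
        problems.append("tokens share a name; audit trails cannot tell them apart")
    for t in (a, b):
        if t.get("status") != "active":
            problems.append(f"{t['name']} is not active")
    (pol_a, cond_a), (pol_b, cond_b) = permission_fingerprint(a), permission_fingerprint(b)
    # Policy ids and ordering are ignored; only effect, resources and groups count.
    for owner, extra in ((a, pol_a - pol_b), (b, pol_b - pol_a)):
        for effect, resources, groups in sorted(extra):
            problems.append(
                f"only {owner['name']} has {effect} {list(groups)} on {resources}")
    if cond_a != cond_b:
        problems.append("request conditions differ")
    return problems

def make_token(name, groups, status="active"):
    # Constructed sample; ids and resource keys are placeholders, not real values.
    return {"id": f"id-{name}", "name": name, "status": status,
            "policies": [{"id": f"pol-{name}", "effect": "allow",
                          "resources": {"com.cloudflare.api.account.zone.*": "*"},
                          "permission_groups": [{"id": g, "name": g} for g in groups]}]}

TOKEN_1 = make_token("app-dns-rotated-1", ["dns-read", "dns-write"])
TOKEN_2 = make_token("app-dns-rotated-2", ["dns-write", "dns-read"])  # same set, other order
TOKEN_DRIFT = make_token("app-dns-rotated-2", ["dns-read"])           # lost write access

if __name__ == "__main__":
    print(parity_problems(TOKEN_1, TOKEN_2))
    print(parity_problems(TOKEN_1, TOKEN_DRIFT))
```

A mismatch reported here would otherwise surface only after a rotation, as requests that succeed with one token and fail with the other.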
Injected Values
After creating the Cloudflare rotated secret, two individual secrets will be available in the config. Doppler ensures the active secret instance is returned when requested or synced.
- NAME - the name Cloudflare generates for the token. Likely not used in code but useful for auditing purposes, especially when correlating activity between Cloudflare and Doppler
- VALUE - the value of the active secret instance.