DigitalOcean Droplets

Easily manage environment variables for your DigitalOcean applications

This guide will show you how to use the Doppler DigitalOcean Marketplace App to securely manage secrets for applications hosted on DigitalOcean.


  • You have created a project in Doppler
  • You have a DigitalOcean account
  • You are familiar with creating and configuring a Droplet

Create Service Token

Accessing your secrets as environment variables in your DigitalIOcean droplet requires a Service Token to provide read-only access to a specific config. We'll cover how to provide this in the Configure Droplet section.

Create Droplet

Go to the Doppler DigitalOcean Marketplace page, then click the Create Doppler Droplet button.

This will take you to the DigitalOcean dashboard to configure your Droplet for launch.

Configure Droplet

The Doppler CLI should be configured when creating the Droplet by scoping the Doppler Service Token to the file system location of your application code. This only needs to be performed once.

Configure your Droplet as usual until you reach the Select additional options section, then click the User data checkbox.

In the User data text area, enter the following (replacing the Service Token and path to your application code):


# Ensure the latest version of the CLI is installed
sudo doppler update

# Change service token and app directory path
doppler configure set token --scope /home/ubuntu/your-app

# Removing the Service Token value from bash history
history -c

Continue configuring your Droplet, then click the Create Droplet button.


Now that the Doppler Droplet has been created, let's sign-in using ssh to test the Doppler CLI can fetch secrets successfully.

The username is root and you'll need the Droplet public IP address (ipv4):

ssh root@your-ip-address

Once logged in, change into the application directory, and test the Doppler CLI is configured correctly:

# Replace with path to your application

doppler secrets

If you're looking for a command that will run your application in the background with logging support for stdout and stderror, it could look like the following using nohup and the & operator to background the process:

# Replace `start-your-app` with your command
nohup doppler run -- start-your-app > $PWD/app.log 2> $PWD/app_error.log &

If you're new to Doppler, check out our Getting Started Guide to learn more about how to supply secrets to your application.


Awesome Work!

Now you know to use the Doppler DigitalOcean Marketplace App to securely manage secrets for applications hosted on DigitalOcean.