This guide is designed to get you set up with deploying your Doppler secrets to GCP Cloud Build. We assume you are already a Google Cloud customer and that you have an existing trigger in your codebase.
- The Doppler CLI has been installed and set up.
- You have an account set up at Google Cloud and a trigger set up and connected to your repository.
Let's head over to the cloudbuild.yaml file in your repository. Here is an example file.

```yaml
steps:
  - name: 'node:alpine'
    entrypoint: 'sh'
    args:
      - '-c'
      - ./your-command-here
```
Once we have the YAML file open, we need to install the Doppler CLI. This can be done by using our Docker image or by installing it through a shell script if you want to use another image. Lastly, we need to change our command to be wrapped by the doppler run command.
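Using the Doppler Docker image:

```yaml
steps:
  - name: 'dopplerhq/cli:3'
    entrypoint: 'sh'
    args:
      - '-c'
      - doppler run -- ./your-command-here;
    env:
      # $_DOPPLER_TOKEN is the substitution variable defined on the trigger
      - 'DOPPLER_TOKEN=$_DOPPLER_TOKEN'
```

Installing the CLI through the shell script in another image:

```yaml
steps:
  - name: 'node:alpine'
    entrypoint: 'sh'
    args:
      - '-c'
      # One script passed to sh -c: install the CLI, set it up, then run the command
      - |
        (curl -Ls https://cli.doppler.com/install.sh || wget -qO- https://cli.doppler.com/install.sh) | sh && \
        doppler enclave setup --no-prompt --silent && \
        doppler run -- ./your-command-here;
    env:
      # Must match the substitution variable name set on the trigger (_DOPPLER_TOKEN)
      - 'DOPPLER_TOKEN=$_DOPPLER_TOKEN'
```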
Now when your Cloud Build trigger executes, it will first fetch the secrets from Doppler and then inject them into your deploy command.
Let's head over to your Cloud Build dashboard.
Then click on the name of the trigger so you can edit its settings. Once on the settings page, scroll down to the Substitution variables section.
Now click the "ADD VARIABLE" button. Then give your secret the name _DOPPLER_TOKEN. The value of the secret should be a service token. If you do not have a service token, here is a quick guide to show you how to create one.
Now you are all set up on Cloud Build. The next time you trigger a build your secrets will be fetched from Doppler.
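Substitution variable values can be read in the trigger settings and in build details, so a hardened variant keeps the service token in Secret Manager and exposes it only to the step that runs Doppler. This is an added example, not part of the original guide; the secret name doppler-service-token and the YOUR_PROJECT_ID placeholder are assumptions.

```yaml
# Added example: the Doppler service token is read from Secret Manager
# instead of the _DOPPLER_TOKEN substitution variable.
# Assumed names: YOUR_PROJECT_ID (placeholder), doppler-service-token (hypothetical secret).
steps:
  - name: 'dopplerhq/cli:3'
    entrypoint: 'sh'
    args:
      - '-c'
      - doppler run -- ./your-command-here
    # secretEnv makes the secret available to this step only, as the
    # DOPPLER_TOKEN environment variable that the Doppler CLI reads.
    secretEnv:
      - 'DOPPLER_TOKEN'
availableSecrets:
  secretManager:
    # Maps one Secret Manager version to the env name listed in secretEnv above.
    - versionName: 'projects/YOUR_PROJECT_ID/secrets/doppler-service-token/versions/latest'
      env: 'DOPPLER_TOKEN'
```

The service account that runs the build needs the roles/secretmanager.secretAccessor role on that secret.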