GitLab CI / CD

reading time 4 mins

This guide will show you how to use Doppler to provide secrets to CI / CD jobs in GitLab.


  • You have created a project in Doppler
  • You have a GitLab repository with permissions for viewing and modifying CI / CD job variables

Select Config

Using Doppler to manage your CI / CD secrets requires only a single DOPPLER_TOKEN variable to be stored in GitLab, which is used by the Doppler CLI to fetch the latest version of your secrets during each job run.

We recommend you first migrate any existing CI / CD job variables to Doppler prior to updating your GitLab job config, with most customers opting to organize them under the Staging environment.

Service Tokens

Create a Doppler Service Token for the CI / CD config and copy it to your clipboard.

Then in GitLab, go to Settings > CI / CD > Variables and add a new variable DOPPLER_TOKEN using the token content copied to the clipboard.

Your GitLab CI / CD job will now be able to access all the secrets in that Doppler config on each job run.


Now, let's create a simple GitLab CI / CD job to show you how to access secrets from Doppler.

The first step is to install the Doppler CLI, then use doppler run to fetch the config secrets.

  - build

Install Doppler CLI:
  stage: build
    - (curl -Ls --tlsv1.2 --proto "=https" --retry 3 || wget -t 3 -qO- | sh
    - doppler run -- printenv | grep SECRET_NAME

Performing a manual run of the GitLab build job shows the successful installation of the CLI and fetching of a secret.


Amazing Work!

Now you know how to configure GitLab CI / CD jobs to fetch secrets from Doppler.

Did this page help you?