This guide will show you how to use Doppler to provide secrets to CI / CD jobs in GitLab.
- You have created a project in Doppler
- You have a GitLab repository with permissions for viewing and modifying CI / CD job variables
Using Doppler to manage your CI / CD secrets requires only a single
DOPPLER_TOKEN variable to be stored in GitLab, which is used by the Doppler CLI to fetch the latest version of your secrets during each job run.
We recommend you first migrate any existing CI / CD job variables to Doppler prior to updating your GitLab job config, with most customers opting to organize them under the Staging environment.
Create a Doppler Service Token for the CI / CD config and copy it to your clipboard.
Then in GitLab, go to Settings > CI / CD > Variables and add a new variable DOPPLER_TOKEN using the token content copied to the clipboard.
Your GitLab CI / CD job will now be able to access all the secrets in that Doppler config on each job run.
Now, let's create a simple GitLab CI / CD job to show you how to access secrets from Doppler.
The first step is to install the Doppler CLI, then use
doppler run to fetch the config secrets.
stages: - build Install Doppler CLI: stage: build script: - (curl -Ls https://cli.doppler.com/install.sh || wget -qO- https://cli.doppler.com/install.sh) | sh - doppler run -- printenv | grep SECRET_NAME
Performing a manual run of the GitLab build job shows the successful installation of the CLI and fetching of a secret.
Now you know how to configure GitLab CI / CD jobs to fetch secrets from Doppler.
Updated 8 months ago