In this guide, you'll learn how to install the Doppler CLI for all environments, from local development through to production.
The Doppler CLI provides access to your secrets in every environment, from local development, CI/CD, staging, and production. It is a lightweight binary available for every almost operating system and package manager, including Docker.
brew install dopplerhq/cli/doppler
# Add Doppler's scoop repo scoop bucket add doppler https://github.com/DopplerHQ/scoop-doppler.git # Install latest doppler cli scoop install doppler
# Install during build phase RUN (curl -Ls https://cli.doppler.com/install.sh || wget -qO- https://cli.doppler.com/install.sh) | sh
# Use base image with CLI pre-installed FROM dopplerhq/cli:3
# Does not rely on package managers and is recommended for ephemeral environments (e.g. CI jobs). # Supports Linux, BSD, and macOS (curl -Ls https://cli.doppler.com/install.sh || wget -qO- https://cli.doppler.com/install.sh) | sh
# Add Bintray's GPG key sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 379CE192D401AB61 # Add Doppler's apt repo echo "deb https://dl.bintray.com/dopplerhq/doppler-deb stable main" | sudo tee /etc/apt/sources.list.d/dopplerhq-doppler.list # Update packages and install latest doppler cli sudo apt-get update && sudo apt-get install doppler
# Add Doppler's yum repo sudo wget https://bintray.com/dopplerhq/doppler-rpm/rpm -O /etc/yum.repos.d/bintray-dopplerhq-doppler.repo # Update packages and install latest doppler cli sudo yum update && sudo yum install doppler
Now, verify the Doppler CLI was installed by checking its version.
You can also upgrade the CLI to the latest version at any time.
In order for the Doppler CLI to access secrets for your projects, it needs an access token. For local development, we use the
doppler login command which will open a browser window and ask you to authenticate. This only needs to happen once.
Now that the CLI is installed, let's configure it for use with a project in your development environment.
In Doppler, access to a project's secrets is scoped to a specific directory in your file system. This allows you to fetch secrets for multiple projects on a single machine.
Have you created a project?
If you or your team has yet to create a project, learn how in our Create a Project guide, as you'll need a project for the upcoming steps.
For each project, the setup command must be run, usually at the repository root level.
# Change to your project's directory cd ./your/project/directory # Select project and config doppler setup
Easy setup with doppler.yaml
You can pre-configure the project and config to select for local development using a
doppler.yamlfile. Learn more in our Create a Project guide.
Fetch the latest versions of your secrets for your project and selected config using the run command, injecting them as environment variables into the running process from your command or script.
doppler run -- your-command-here
doppler run --command="./configure && ./process-jobs; ./cleanup"
Because Doppler injects secrets as environment variables, it works for any language, framework, platform, and cloud provider.
const secret = process.env["SECRET_NAME"]
secret = os.getenv("SECRET_NAME")
secret = ENV["SECRET_NAME"]
secret := os.Getenv("SECRET_NAME")
String secret = System.getenv().get("SECRET_NAME")
$secret = $_ENV["SECRET_NAME"]
secret = env::var("SECRET_NAME")
var secret: String = System.getenv("SECRET_NAME")
def secret = System.getenv("SECRET_NAME")
char const* secret = getenv("SECRET_NAME");
To run one-off commands using a secret in Doppler, please make sure to escape the secret or use single quotes. You will need to do this to guard against shell parsing the variable before the run command executes.
doppler run --command="echo \$SECRET_NAME"
doppler run --command='echo $SECRET_NAME'
Now that you have local development running, let’s set up authentication for staging and production with Service Tokens.
Updated 23 days ago