We are here to help you get from zero to one fast.

Get Started    Discussions


reading time 10 minutes

Hey , this guide is designed specifically for installing the Doppler CLI for local development environment all the way through to production. If your engineering team has yet to create an Enclave project, head over to the Create a Project page to get started.


The Doppler CLI provides a consistent experience when developing locally to in production. It is a lightweight binary that comes in a number of package managers and Docker images.

brew install dopplerhq/cli/doppler
# Add Doppler's scoop repo
scoop bucket add doppler

# Install latest doppler cli
scoop install doppler
# Add Bintray's GPG key
sudo apt-key adv --keyserver --recv-keys 379CE192D401AB61

# Add Doppler's apt repo
sudo echo "deb stable main" > /etc/apt/sources.list.d/dopplerhq-doppler.list

# Update packages and install latest doppler cli
sudo apt-get update && sudo apt-get install doppler
# Add Doppler's yum repo
sudo wget -O /etc/yum.repos.d/bintray-dopplerhq-doppler.repo

# Update packages and install latest doppler cli
sudo yum update && sudo yum install doppler

Now, verify the Doppler CLI was installed correctly.

doppler --version

Docker Users

If you are using Docker, we recommend reading our dedicated Docker Installation guide.


The Doppler CLI requires an API Key to authenticate. Access can be generated via the login flow used for local development OR by using a service token. Service tokens are recommended to be used only when running your service on a cloud provider (Azure, AWS, GCP, etc).

doppler login
# Option 1: Configure for later use
doppler configure set token <SERVICE TOKEN>

# Option 2: Pass as flag on any command
doppler configure debug --token=<SERVICE TOKEN>

# Option 3: Read from environment on any command
DOPPLER_TOKEN=<SERVICE TOKEN> doppler configure debug

After successful authentication, you will need to set the Enclave project and config credentials for local development; we recommend the enclave setup flow (shown below), which is a quick and interactive way to set credentials. It will also scope the credentials to your directory. This allows you to work on multiple projects at the same time by changing directories.

# Change to your project's directory
cd ./your/project/directory

# Select Enclave project and config
doppler enclave setup
# Option 1: Configure for later use
doppler configure set enclave.project=<PROJECT> enclave.config=<CONFIG>

# Option 2: Pass as flag on any Enclave command
doppler enclave <COMMAND> --project=<PROJECT> --config=<CONFIG>

# Option 3: Read from environment on any Enclave command


Run your program with the CLI, which will securely fetch your secrets from Enclave and inject them into the environment.

doppler run -- ./your-command-here

Serverless Users

If you are using Serverless, we recommend reading our dedicated Serverless Installation guide.

Now, you should be able to access your secrets securely through environment variables.

const secret = process.env["SECRET_NAME"]
secret = os.getenv("SECRET_NAME")
secret = ENV["SECRET_NAME"]
secret := os.Getenv("SECRET_NAME")
String secret = System.getenv().get("SECRET_NAME")
$secret = $_ENV["SECRET_NAME"]

Multiple Commands

You may chain together multiple commands using built-in shell operators (&&, ||, ;, etc.). To use these operators, you must wrap your command in quotes.

The example below will always execute ./first-command, will execute ./second-command if the first command succeeds (exit code 0), and will always execute ./cleanup-command.

doppler run "./first-command && ./second-command; ./cleanup-command"


Congrats! You can now fetch secrets securely from Enclave. Let's add the Doppler CLI to your startup scripts. Here are a couple examples, but feel free to customize it to your application.

  "scripts": {
    "local-setup": "doppler login && doppler enclave setup",
    "start": "doppler run -- node server.js",
name: Github Action
on: push
    runs-on: ubuntu-latest
    name: "Doppler CLI"
      - uses: docker://dopplerhq/cli:2
          entrypoint: sh
            - -c
            - doppler run -- ./your-command-here
          DOPPLER_TOKEN: ${{ secrets.DOPPLER_TOKEN }}
          ENCLAVE_PROJECT: ${{ secrets.ENCLAVE_PROJECT }}
          ENCLAVE_CONFIG: ${{ secrets.ENCLAVE_CONFIG }}
  - name: 'dopplerhq/cli:2'
    entrypoint: 'bash'
      - '-c'
      - doppler run -- ./your-command-here
doppler run -- ./your-command-here
   doppler login && doppler enclave setup

   doppler run -- go build -o server main.go

Amazing Work!

Next, let's set up authentication with Doppler for staging & production with Service Tokens.

Updated 2 days ago


reading time 10 minutes

Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.