Documentation

We are here to help you get from zero to one fast.

Get Started    Discussions

Secrets

reading time 8 minutes

Secrets in Enclave work very similarly to how they would on any other platform, with a few exceptions. Our secrets engine has a couple of built-in perks!

Secret Names

Secret names must adhere to a specific format:

  • Secret names may only contain uppercase letters, numbers, and underscores
  • Secret names may not start with a number

For example, DATABASE_URL is a valid secret name while 1secret_name is not.

This strict format ensures that your secrets will work as expected when injected into an environment (regardless of the shell).

Referencing Secrets

The Enclave engine supports referencing secrets with the straightforward pattern ${SECRET_NAME}. Here is an example:

NameValue
USERbrian
PORT3030
WEBSITE${USER}.doppler.com:${PORT}

Now, when we access the WEBSITE secret, the USER and PORT secrets will be inserted.

$ doppler enclave secrets --raw

ā”Œā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”¬ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”¬ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”
ā”‚ NAME    ā”‚ VALUE                  ā”‚ RAW                         ā”‚
ā”œā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”¼ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”¼ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”¤
ā”‚ PORT    ā”‚ 3030                   ā”‚ 3030                        ā”‚
ā”‚ USER    ā”‚ brian                  ā”‚ brian                       ā”‚
ā”‚ WEBSITE ā”‚ brian.doppler.com:3030 ā”‚ ${USER}.doppler.com:${PORT} ā”‚
ā””ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”“ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”“ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”˜

Referencing Across Projects

For workplaces on paid plans you can reference secrets across configs and projects.

TypeNotation
Same config${SECRET_NAME}
Across configs${config.SECRET_NAME}
Across projects${project.config.SECRET_NAME}

Now lets see this in practice! Here is what it would look like to reference the STRIPE_API_KEY secret in the billing project in the prd config.

TypeNotation
Same config${STRIPE_API_KEY}
Across configs${prd.STRIPE_API_KEY}
Across projects${billing.prd.STRIPE_API_KEY}

Reserved Secrets

Enclave has a few special secrets you can use which makes it easier to track where you are in your CI/CD pipeline.

NameDescriptionExample
DOPPLER_ENCLAVE_PROJECTIdentifier of current project58ded6ac873
DOPPLER_ENCLAVE_ENVIRONMENTIdentifier of the current environmentdev
DOPPLER_ENCLAVE_CONFIGName of the current configdev_stripe_billing

Updated a day ago



Secrets


reading time 8 minutes

Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.