When deploying your service to a 3rd party provider like AWS, GCP, Circle CI, and Travis you will need to generate a service token. Unlike your personal API key or auth token used by the the Doppler CLI, a service token provides read-only access to a single config.

Let's walk through how to create, use, and revoke a service token.

Creating a Token

To create a token, go to a project and then select a config. From there you want to select the access tab. You should now see a screen similar to this.

Next click on the Generate Service Token button. This will open a dialog where you can name the service token.

After naming the service token and clicking the Generate button, you should see the service token appear. You can revoke this service token at any time.

Once you have copied your service token, it will not be shown again.

Using a Sevice Token

You can pass your service token directly to the CLI. This will automatically fetch and save the configured project and config to the CLI's config file for later use. It will also save the token.

doppler enclave setup --no-prompt --token=<SERVICE TOKEN>

Revoking a Token

Revoking a service token is immediate and non-reversible. To revoke a token, click the "Revoke" button on the token you'd like to remove. After doing so you will see a confirmation dialog.