Guides
GuidesAPISupportStatusCommunitySign Up

GitHub Dependabot

Bring new features and workflows for managing repository secrets with our GitHub integration.

Prerequisites

  • You have created a project in Doppler
  • You have a GitHub account with repository permissions for configuring GitHub Secrets, Actions, Codespaces, and Dependabot (and optionally organization permissions for configuring GitHub Organization Secrets).

GitHub Environment

As GitHub doesn't fit into either Development, Staging, or Production, we'll create a dedicated GitHub environment.

Head to the Project page and click Options > Create Environment, then name it GitHub and optionally change the order to have it placed after Development.

A video expla

Authorization

The next step is authorizing the Doppler GitHub Application to provide access for syncing secrets from Doppler to a chosen repository.

To authorize, click Integrations from the Projects menu, then select GitHub:

Choose the GitHub account or organization to authorize:

Select which repositories Doppler will have secrets access to:

You'll then be redirected back to Doppler.

Sync Creation

You can now set up your integration using the provided dropdowns.

  • For the 'Feature' you can select Actions, Codespaces or Dependabot. Choose the appropriate option here.
  • If your GitHub integration connection is to a GitHub Organization, then you'll be presented with a 'Sync Target' option that allows you to select Repository or Organization.
  • Next, you'll be presented with one of two options depending upon if your GitHub integration connection is to a GitHub Organization:
    • Non-Organization Account: You'll be presented with a Repository dropdown where you will select one of the repositories the Doppler app can access.
    • Organization Account:
      • For the 'Repository' sync target you will select one of the repositories the Doppler app can access.
      • For the 'Organization' sync target, you can select either Private Repositories or All Repositories for the scope of the sync.
  • Finally, select the Config you wish to sync with your GitHub environment.

Click Set Up Integration, and once complete, Doppler will have synced all secrets in the chosen config, as well as creating three DOPPLER specific secrets:

Now every time you add, update or remove a secret in Doppler, that change will be instantly reflected in the GitHub secrets for the chosen feature and repository.

πŸ“˜

Doppler cannot import existing secrets or sync changes to secrets made in GitHub as the secret values are hidden. All secret changes should be made in Doppler to avoid possible confusion.

Organization Secrets

If you connected Doppler to a GitHub Organization, then you'll have the option to sync your secrets to your GitHub Organization Secrets. When setting up the sync, you'll find a Sync Target option that lets you choose between a Repository and the Organization. Choose Organization and then select the Secret Scope you'd like to use.

All Repositories will make any secrets you sync here accessible to both public and private repos in your organization. Private Repositories will only make the secrets accessible to private repos in your organization. After selecting a scope, choose which config you want to have synced over and then click Set Up Integration.


Importing Secrets from GitHub Dependabot

GitHub's API doesn't provide a way to fetch the actual secret values for GitHub Dependabot secrets, so our integration syncs don't provide an import option.


πŸ‘

Amazing Work!

The Doppler GitHub integration will now instantly sync your secret changes to GitHub.

Updated 6 days ago