This guide will show you how to use Doppler to provide secrets to CI jobs in LayerCI.
- You have created a project in Doppler
- You have a LayerCI project and have access to set LayerCI Secrets
As LayerCI doesn't exactly fit into Development, Staging, or Production, we'll create a custom environment. Head to the Project page, then click Options.
Now click Create Environment.
Give the environment a name, e.g. LayerCI and a short name, then click Create New.
Next, you can drag-and-drop the LayerCI environment to alter its position, e.g. before Staging.
Create a Doppler Service Token that the Doppler CLI will use to access your secrets by selecting the Access tab, then click the Generate button.
Give the token a name like "LayerCI", then copy the Service Token value which we will then use to create a new LayerCI Secret.
Now in LayerCI, go to Secrets and add a new secret named DOPPLER_TOKEN using the token content copied to the clipboard. You can choose to expose this token to specific projects or all of them.
Now, let's create a simple LayerCI Layerfile to show you how to access secrets from Doppler.
First, install the Doppler CLI, then load the DOPPLER_TOKEN variable from your LayerCI secrets, and finally use
doppler run to fetch the config secrets
FROM vm/ubuntu:18.04 # Install Doppler RUN (curl -Ls https://cli.doppler.com/install.sh || wget -qO- https://cli.doppler.com/install.sh) | sh COPY . . # Load DOPPLER_TOKEN secret from LayerCI SECRET ENV DOPPLER_TOKEN # Test Doppler secrets access RUN doppler run -- printenv | grep DOPPLER # Testing purposes only
A successful run log should produce output similar to the following:
If your jobs require specific variables for different environments, e.g. preview vs. production builds, then you'll need a different approach than using a single
DOPPLER_TOKEN environment variable.
The solution is to use Doppler branch configs to create environment-specific configs.
Then create a Doppler Service Token and LayerCI Secret for each config.
doppler run command will need to use the
--token flag as the
DOPPLER_TOKEN environment variable does not exist. An example of a build that uses both our Preview and Production service tokens could look like the following:
FROM vm/ubuntu:18.04 # Install Doppler RUN (curl -Ls https://cli.doppler.com/install.sh || wget -qO- https://cli.doppler.com/install.sh) | sh COPY . . # Load several Doppler tokens from LayerCI SECRET ENV DOPPLER_TOKEN_PREVIEW SECRET ENV DOPPLER_TOKEN_PRODUCTION # Test Doppler secrets access for both RUN doppler -t $DOPPLER_TOKEN_PREVIEW run -- printenv | grep DOPPLER # Testing purposes only RUN doppler -t $DOPPLER_TOKEN_PRODUCTION run -- printenv | grep DOPPLER # Testing purposes only
Now you are all set up using the Doppler CLI to provide secrets to your LayerCI builds in both single, and multi-environment workflows.
Updated 5 months ago