Secrets
reading time 3 mins
Secrets in Doppler work very similarly to how they would on any other platform, with a few exceptions. Our secrets engine has a couple of built-in perks!
Secret Names
Secret names must adhere to a specific format:
- Secret names may only contain uppercase letters, numbers, and underscores
- Secret names may not start with a number
For example, DATABASE_URL is a valid secret name while 1secret_name is not.
This strict format ensures that your secrets will work as expected when injected into an environment (regardless of the shell).
Doppler CLI
See our dedicated Doppler CLI User Guide to learn how to get started managing secrets from the command line.
Finding Secrets
You can quickly find which projects and configs contain a particular secret by using the global search bar at the top of the dashboard. Type in the name of the secret and the projects that contain it will be listed. Click on the expansion arrow next to the project name to view which configs contain the secret.
Importing Secrets
Importing from Files
You can quickly import secrets in ENV, JSON, or YAML format by choosing the Import Secrets option from the dropdown next to the Add Secret button.
After choosing that option, you'll be presented with a form where you can paste what you want to import (you can also drag the file you want to import β assuming it's in a supported format β right into the field).
Once the import is complete, just save the config!
Importing from Another Config
You can import secrets from another Doppler config by choosing the Import from Other Config option.
This will pull in all the secrets form the Doppler config you select. After doing that, add, remove or modify any of the secrets it pulled in save the config!
Importing from the CLI
You can also import secrets via the Doppler CLI to accommodate more automated workflows. This command accepts ENV, JSON, or YAML formatted files.
doppler secret upload secrets.json
It's also possible to upload secrets from one config to another:
doppler secrets upload -p DESTINATION_PROJECT -c DESTINATION_CONFIG <(doppler secrets download -p SOURCE_PROJECT -c SOURCE_CONFIG --no-file --format json)
Valid Formats
ENV
AWS_ACCESS_KEY_ID="...."
AWS_SECRET_ACCESS_KEY="...."
DATABASE_URL="...."
STRIPE_API_KEY="...."
JSON
The expected JSON format for importing should look something like this:
{
"AWS_ACCESS_KEY_ID": "....",
"AWS_SECRET_ACCESS_KEY": "....",
"DATABASE_URL": "....",
"STRIPE_API_KEY": "...."
}
YAML
---
AWS_ACCESS_KEY_ID: "...."
AWS_SECRET_ACCESS_KEY: "...."
DATABASE_URL: "...."
STRIPE_API_KEY: "...."
Updating Across Environments
When adding or updating a secret, you're able to mirror the change to any of the other environments inside the project you're working in. This allows you to quickly modify any secrets that are the same across multiple configs all at once.
Using secret references may work better in some scenarios where you would otherwise need to do this, so be sure to consider using those instead where it makes sense!
Missing Secret Detection
You'll be warned with a red box indicating how many secrets are missing whenever a secret is set in one environment but not another.
When you view one of those environments, you'll see an Action Required section indicating which secrets are missing. You'll have the opportunity to dismiss them if this is expected (which removes the red warning indicator).
If a missing secret accidentally gets dismissed, you can restore the warning as well by choosing Manage Dismissed Secrets from the project options menu.
You'll then have the option to choose which secrets you want to restore the warning for.
Visibility
You can control the interaction with secrets in the dashboard and CLI by setting their visibility. See our dedicated page on Secret Visibility to learn more about how these work and how to use them!
Value Type
You can set a value type on a secret to have Doppler enforce that the provided value matches the given type. For example, if the value type is JSON, the value must be parseable as JSON. The default value type (string) will accept any value. Available value types to choose from include:
| Type | Slug | Example |
|---|---|---|
| Boolean | boolean | true, false |
| CUID2 | cuid2 | ju2y9f5qm67gc4go6m4o1kcx |
| Date (ISO 8601) | date | 2024-06-20 |
| Datetime (ISO 8601) | datetime | 2024-06-20T16:39:57Z (only the UTC/Zulu timezone is supported) |
| Decimal | decimal | 1, 1.0 |
| Direct Reference | directReference | ${example_project.dev.PORT} |
email | [email protected] | |
| Integer | integer | 1, 100 |
| JSON | json | { "test": 1234 } |
| JSON5 | json5 | { test: 1234 } |
| String | string | example |
| ULID | ulid | 01ARZ3NDEKTSV4RRFFQ69G5FAV |
| URL | url | https://www.doppler.com |
| UUID (v4) | uuid | 11bf5b37-e0b8-42e0-8dcf-dc8c4aefc000 |
| YAML | yaml | <pre>foo: bar<br>stuff:<br> foo: bar<br> bar: foo</pre> |
| XML | xml | <note><heading>Example</heading><body>This is some XML!</body></note> |
Updated 8 days ago