Secrets Setting Guide
reading time 3 minutes
The doppler secrets set
command allows you to create or update one or more secrets via an interactive mode, key-value pairs, or stdin
.
For sensitive environments or when
doppler secrets set
is used in a script whose output will be captured (e.g. log aggregation service), use the--silent
flag to prevent the secret value from being output upon completion.
Exclude from Shell History
Bash and ZSH shells can disable doppler secrets set
commands from being stored in their history using environment variables:
export HISTIGNORE='*doppler secrets set*'
HISTORY_IGNORE="(doppler secrets set*)"
Interactive Mode
To set a single secret, it's recommended to use interactive mode which allows you to type in the secret value without the value appearing in your shell history:
doppler secrets set API_KEY
Enter your secret value
When finished, type a newline followed by a period
Run 'doppler secrets set --help' for more information
ββββββββββββββββββββ START INPUT ββββββββββββββββββββ
0ffb75cc-61fa-445a-84ea-941ac976e633
.
βββββββββββββββββββββ END INPUT βββββββββββββββββββββ
This mode also works brilliantly for multiline secrets:
doppler secrets set SERVER_CONF
Enter your secret value
When finished, type a newline followed by a period
Run 'doppler secrets set --help' for more information
ββββββββββββββββββββ START INPUT ββββββββββββββββββββ
{
"HOSTNAME": "doppler.university",
"PORT": "8080",
"API_KEY": "API_KEY": "0ffb75cc-61fa-445a-84ea-941ac976e633"
}
.
βββββββββββββββββββββ END INPUT βββββββββββββββββββββ
Key-Value Pairs
Key-value pairs can be used to set one or more secrets with a single command:
doppler secrets set HOSTNAME="doppler.university"
doppler secrets set PORT="8080" API_KEY="0ffb75cc-61fa-445a-84ea-941ac976e633"
Visibility
You can set the visibility of a secret you're creating with the --visibility
flag:
doppler secrets set PORT="8081" --visibility unmasked
Accepted values are: unmasked
, masked
, restricted
Type
You can set the value type of a secret you're creating with the --type
flag:
doppler secrets set PORT="8081" --type integer
A table of accepted values can be found in the value type documentation.
stdin
Using stdin
is well suited to setting secrets whose value is the contents of a file:
cat doppler.university.pem | doppler secrets set TLS_CERT
cat doppler.university-key.pem | doppler secrets set TLS_KEY
rm doppler.university.pem doppler.university-key.pem
Or capturing the output of another command or script as the secret value:
base64 -i doppler.university.p12 | doppler secrets set PKCS12_CERT
rm doppler.university.p12
Uploading
When starting out with Doppler, you've likely got an existing app config file (e.g. .env
or config.json
) and you can use the doppler secrets upload
command to populate the secrets for a new project without leaving the terminal.
# ENV and JSON formats supported
doppler secrets upload sample.env
doppler secrets upload secrets.json
Awesome Work!
Now you know how to set secrets using the Doppler CLI.
Updated 6 months ago