Secrets Setting Guide

reading time 3 minutes

The doppler secrets set command allows you to create or update one or more secrets via an interactive mode, key-value pairs, or stdin.

πŸ“˜

For sensitive environments or when doppler secrets set is used in a script whose output will be captured (e.g. log aggregation service), use the --silent flag to prevent the secret value from being output upon completion.

Exclude from Shell History

Bash and ZSH shells can disable doppler secrets set commands from being stored in their history using environment variables:

export HISTIGNORE='*doppler secrets set*'
HISTORY_IGNORE="(doppler secrets set*)"

Interactive Mode

To set a single secret, it's recommended to use interactive mode which allows you to type in the secret value without the value appearing in your shell history:

doppler secrets set API_KEY

Enter your secret value
When finished, type a newline followed by a period
Run 'doppler secrets set --help' for more information
β€”β€”β€”β€”β€”β€”β€”β€”β€”β€”β€”β€”β€”β€”β€”β€”β€”β€”β€”β€” START INPUT β€”β€”β€”β€”β€”β€”β€”β€”β€”β€”β€”β€”β€”β€”β€”β€”β€”β€”β€”β€”
0ffb75cc-61fa-445a-84ea-941ac976e633

.
β€”β€”β€”β€”β€”β€”β€”β€”β€”β€”β€”β€”β€”β€”β€”β€”β€”β€”β€”β€”β€” END INPUT β€”β€”β€”β€”β€”β€”β€”β€”β€”β€”β€”β€”β€”β€”β€”β€”β€”β€”β€”β€”β€”

This mode also works brilliantly for multiline secrets:

doppler secrets set SERVER_CONF

Enter your secret value
When finished, type a newline followed by a period
Run 'doppler secrets set --help' for more information
β€”β€”β€”β€”β€”β€”β€”β€”β€”β€”β€”β€”β€”β€”β€”β€”β€”β€”β€”β€” START INPUT β€”β€”β€”β€”β€”β€”β€”β€”β€”β€”β€”β€”β€”β€”β€”β€”β€”β€”β€”β€”
{
  "HOSTNAME": "doppler.university",
  "PORT": "8080",
  "API_KEY": "API_KEY": "0ffb75cc-61fa-445a-84ea-941ac976e633"
}

.
β€”β€”β€”β€”β€”β€”β€”β€”β€”β€”β€”β€”β€”β€”β€”β€”β€”β€”β€”β€”β€” END INPUT β€”β€”β€”β€”β€”β€”β€”β€”β€”β€”β€”β€”β€”β€”β€”β€”β€”β€”β€”β€”β€”

Key-Value Pairs

Key-value pairs can be used to set one or more secrets with a single command:

doppler secrets set HOSTNAME="doppler.university"
doppler secrets set PORT="8080" API_KEY="0ffb75cc-61fa-445a-84ea-941ac976e633"

Visibility

You can set the visibility of a secret you're creating with the --visibility flag:

doppler secrets set PORT="8081" --visibility unmasked

Accepted values are: unmasked, masked, restricted

Type

You can set the value type of a secret you're creating with the --type flag:

doppler secrets set PORT="8081" --type integer

A table of accepted values can be found in the value type documentation.

stdin

Using stdin is well suited to setting secrets whose value is the contents of a file:

cat doppler.university.pem | doppler secrets set TLS_CERT
cat doppler.university-key.pem | doppler secrets set TLS_KEY
rm doppler.university.pem doppler.university-key.pem

Or capturing the output of another command or script as the secret value:

base64 -i doppler.university.p12 | doppler secrets set PKCS12_CERT
rm doppler.university.p12

Uploading

When starting out with Doppler, you've likely got an existing app config file (e.g. .env or config.json) and you can use the doppler secrets upload command to populate the secrets for a new project without leaving the terminal.

# ENV and JSON formats supported
doppler secrets upload sample.env
doppler secrets upload secrets.json

πŸ‘

Awesome Work!

Now you know how to set secrets using the Doppler CLI.