Universal Import Guide

Universal Import

Universal Import is used to push secrets directly to engineering services and production infrastructure with the click of a button. Users are able to import secrets from 3rd party services into Doppler without leaving the partner’s platform. This guide provides an overview of how Universal Import works.

Design flow

You can find more information on how Doppler generally works here.

Encryption

The @dopplerhq/universal-import-core NPM package leverages tweetnacl-sealedbox-js for encryption.

Sealed boxes are designed to anonymously send messages to a recipient given their public key.

Only the recipient can decrypt these messages using their private key. While the recipient can verify the integrity of the message, they cannot verify the identity of the sender.

A message is encrypted using an ephemeral key pair, with the secret key being erased right after the encryption process.

Without knowing the secret key used for a given message, the sender cannot decrypt the message later. Furthermore, without additional data, a message cannot be correlated with the identity of its sender.

source: https://doc.libsodium.org/public-key_cryptography/sealed_boxes

Tracking

Some general, anonymous analytics are provided when the packages make requests to Doppler.

  • When the encryption key was fetched
  • The source of the import (via the referrer header)
  • Which core package version is being used by partners once the user clicks the import button

Doppler is committed to transparency. You can find more information from the GitHub repository directly here.

Installing Universal Import

  1. Install the package with npm or your preferred package manager (yarn,pnpm or other):

    npm i @dopplerhq/universal-import-react

  2. Import the @dopplerhq/universal-import-react package in your code (which exposes a react component as the default export):

import DopplerImportButton from "@dopplerhq/universal-import-react"; 
‍‍
const secret = {
  name: "EXAMPLE_NAME",
  value: "example_value"
}

<DopplerImportButton
   secretName={secret.name}
   secretValue={secret.value}
/>

You can also check out our Universal Import hub, where you’ll find some additional information on how it works for the end user.

For more information on Doppler, check out our Welcome guide, which has helpful links to several articles that help get teams fully set up within 30 minutes.