Vercel
This guide will show you how to set up automatic syncing of Doppler secrets to Vercel.
Prerequisites
- You currently have a project on Vercel using environment variables for configuration
Authorize Doppler
Navigate to the project you would like to integrate, click Integrations from the Projects menu, then click Vercel to begin the authorization process.
You now then be redirected to authorize the Doppler application for Vercel. Click Authorize which will take you back to the Doppler dashboard.
Setup Integration
Vercel has three environments: Development, Preview (Staging), and Production, and a separate Vercel integration is required for each environment.
After authorizing Doppler for Vercel, you'll then be taken to the Setup Integration page to select the first config to sync for your project, selecting the:
- Team,
- Vercel project,
- Vercel environment, and
- Doppler config
Click Setup Integration and your secrets for that config will now be automatically synced to Vercel.
The final step is to set up integrations for the remaining Vercel environments by clicking New Integration and completing the configuration flow as done in the previous step, but for a different Vercel environment.
You can then confirm all Vercel environments have secrets syncing configured by clicking on the Vercel icon from the Integrations page:
You should see a Vercel integration for each environment:
Reserved Environment Variables
The following Environment Variable cannot be used in configs synced to Vercel as they are reserved for use by the Vercel runtime:
- AWS_REGION
- AWS_DEFAULT_REGION
- AWS_ACCESS_KEY_ID
- AWS_SECRET_KEY
- AWS_SECRET_ACCESS_KEY
- AWS_EXECUTION_ENV
- AWS_LAMBDA_LOG_GROUP_NAME
- AWS_LAMBDA_LOG_STREAM_NAME
- AWS_LAMBDA_FUNCTION_NAME
- AWS_LAMBDA_FUNCTION_MEMORY_SIZE
- AWS_LAMBDA_FUNCTION_VERSION
- AWS_SESSION_TOKEN
- NOW_REGION
- TZ
- LAMBDA_TASK_ROOT
- LAMBDA_RUNTIME_DIR
Amazing Work!You have now configured Doppler to sync secrets for every Vercel environment.
Updating your Vercel sync to use sensitive environment variables
Vercel recommends storing all secrets as sensitive environment variables. Sensitive variables cannot be read back via the Vercel dashboard or API after being set.
Doppler defaults to Sensitive for all Vercel syncs. However, if your sync was created before Vercel released Sensitive environment variable support, it may use the older Encrypted setting and must be recreated.
Steps
- Navigate to the Integrations page in your Doppler workspace.
- Under the Connections section, find your Vercel connection(s) and click on the project or ellipsis menu to view details.
- For each sync, delete and recreate it one at a time:
- Click the ellipsis menu and select Delete. Important: When prompted, choose "Delete all secrets in Vercel" as well. This prevents existing Encrypted variables from remaining in Vercel.
- Note: If your Vercel project is configured to auto-deploy on environment variable changes, deleting secrets may trigger a redeployment.
- Once deleted, recreate your sync and select "Sensitive" as the environment variable type.
- Click the ellipsis menu and select Delete. Important: When prompted, choose "Delete all secrets in Vercel" as well. This prevents existing Encrypted variables from remaining in Vercel.
- After recreating each sync, verify in Vercel under Environment Variables that the Sensitive badge is displayed next to your synced variables.
Updated about 1 month ago