Each sync integration type has its own configuration parameters which must be provided in the data field. Some parameter values are completely user-defined (e.g. AWS Secret Manager path) but others are identifiers from the external service (e.g. Fly.io app ID). You can use the Integration > Get Options endpoint to fetch all available options for a particular integration.
Below are the data fields for each integration type:
| Field | Type | Description |
|---|
| path | string | The path of the AWS Secret Manager secret |
| region | string | The AWS region to create the secret (e.g. us-east-1) |
| tags | object<string, string> (optional) | Tags to attach to the AWS secrets |
| Field | Type | Description |
|---|
| path | string | The path of the parameters in AWS |
| region | string | The AWS region to create the secret (e.g. us-east-1) |
| tags | object<string, string> (optional) | Tags to attach to the parameters |
| secure_string | boolean (optional) | Whether or not the parameters should be created as secure strings (defaults to true) |
| Field | Type | Description |
|---|
| sync_strategy | string | Determines whether secrets are synced to a single secret (single-secret) as a JSON object or multiple discrete secrets (multi-secret). |
| vault_uri | string | The Azure Vault URI for the vault secrets will be synced to. |
| single_secret_name | string (optional) | The name of the secret being synced to when using the single-secret sync strategy. Ignored when using multi-secret sync strategy. |
| Field | Type | Description |
|---|
| resource_type | string | Either "project" or "context", based on the resource type to sync to |
| resource_id | string | The resource ID (either project or context) to sync to |
| organization_slug | string | The organization slug where the resource is located |
| Field | Type | Description |
|---|
| app_id | string | The Fly.io app ID to sync to |
| restart_machines | boolean | Whether or not Doppler should automatically restart Fly.io machines after secrets are synced |
| Field | Type | Description |
|---|
| sync_strategy | string | Determines whether secrets are synced to a single secret (single-secret) as a JSON object or multiple discrete secrets (multi-secret). |
| regions | array<string> | The GCP regions used for replication. Can include any supported GCP region or ["automatic"]. automatic cannot be used if other regions are listed. |
| format | string (optional) | Specifies the format secrets will be stored in. Either env or json. Defaults to json. |
| name | string | The name used to store the secret when sync_strategy is set to single-secret (note that the integration's gcp_secret_prefix will be prepended to this). |
| Field | Type | Description |
|---|
| sync_target | string | Either "repo" or "org", based on the resource type to sync to |
| repo_name | string (repo only) | The name of the GitHub repo |
| environment_name | string (optional, repo only) | The name of the GitHub repo environment to sync to |
| org_scope | string (org only) | Either "all" or "private", based on what repos you want to have access to the secrets inside the org |
| Field | Type | Description |
|---|
| project_type | string | Either "app" or "pipeline", based on the resource type to sync to |
| pipeline_id | string (pipeline only) | The Heroku pipeline ID to sync to |
| stage | string (pipeline only) | The Heroku pipeline stage to sync to |
| app_id | string (app only) | The Heroku app ID to sync to |
| Field | Type | Description |
|---|
| sync_target | string | Either "workspace" or "variableSet", based on the resource type to sync to |
| workspace_id | string (workspace only) | The Terraform Cloud workspace ID to sync to |
| variable_set_id | string (variable set only) | The Terraform Cloud variable set ID to sync to |
| variable_sync_type | string | Either "terraform" to sync secrets as Terraform variables or "env" to sync as environment variables |
| name_transform | string | A name transform to apply before syncing secrets: "none" or "lowercase" |
