Each sync integration type has its own configuration parameters which must be provided in the data field. Some parameter values are completely user-defined (e.g. AWS Secret Manager path) but others are identifiers from the external service (e.g. Fly.io app ID). You can use the Integration > Get Options endpoint to fetch all available options for a particular integration.
Below are the data fields for each integration type:
AWS Secrets Manager
Field
Type
Description
path
string
The path of the AWS Secret Manager secret
region
string
The AWS region to create the secret (e.g. us-east-1)
tags
object<string, string> (optional)
Tags to attach to the AWS secrets
AWS Parameter Store
Field
Type
Description
path
string
The path of the parameters in AWS
region
string
The AWS region to create the secret (e.g. us-east-1)
tags
object<string, string> (optional)
Tags to attach to the parameters
secure_string
boolean (optional)
Whether or not the parameters should be created as secure strings (defaults to true)
Azure Vault (Service Principal)
Field
Type
Description
sync_strategy
string
Determines whether secrets are synced to a single secret (single-secret) as a JSON object or multiple discrete secrets (multi-secret).
vault_uri
string
The Azure Vault URI for the vault secrets will be synced to.
single_secret_name
string (optional)
The name of the secret being synced to when using the single-secret sync strategy. Ignored when using multi-secret sync strategy.
CircleCI
Field
Type
Description
resource_type
string
Either "project" or "context", based on the resource type to sync to
resource_id
string
The resource ID (either project or context) to sync to
organization_slug
string
The organization slug where the resource is located
Fly.io
Field
Type
Description
app_id
string
The Fly.io app ID to sync to
restart_machines
boolean
Whether or not Doppler should automatically restart Fly.io machines after secrets are synced
GCP Secret Manager
Field
Type
Description
sync_strategy
string
Determines whether secrets are synced to a single secret (single-secret) as a JSON object or multiple discrete secrets (multi-secret).
regions
array
The GCP regions used for replication. Can include any supported GCP region or ["automatic"]. automatic cannot be used if other regions are listed.
format
string (optional)
Specifies the format secrets will be stored in. Either env or json. Defaults to json.
name
string
The name used to store the secret when sync_strategy is set to single-secret (note that the integration's gcp_secret_prefix will be prepended to this).
GitHub Actions
Field
Type
Description
sync_target
string
Either "repo" or "org", based on the resource type to sync to
repo_name
string (repo only)
The name of the GitHub repo
environment_name
string (optional, repo only)
The name of the GitHub repo environment to sync to
org_scope
string (org only)
Either "all" or "private", based on what repos you want to have access to the secrets inside the org
Heroku
Field
Type
Description
project_type
string
Either "app" or "pipeline", based on the resource type to sync to
pipeline_id
string (pipeline only)
The Heroku pipeline ID to sync to
stage
string (pipeline only)
The Heroku pipeline stage to sync to
app_id
string (app only)
The Heroku app ID to sync to
Terraform Cloud
Field
Type
Description
sync_target
string
Either "workspace" or "variableSet", based on the resource type to sync to
workspace_id
string (workspace only)
The Terraform Cloud workspace ID to sync to
variable_set_id
string (variable set only)
The Terraform Cloud variable set ID to sync to
variable_sync_type
string
Either "terraform" to sync secrets as Terraform variables or "env" to sync as environment variables
name_transform
string
A name transform to apply before syncing secrets: "none" or "lowercase"
Language
Credentials
OAuth2
Click Try It! to start a request and see the response here!
