Create

Create a new secrets sync.

General

Each sync integration type has its own configuration parameters which must be provided in the data field. Some parameter values are completely user-defined (e.g. AWS Secret Manager path) but others are identifiers from the external service (e.g. Fly.io app ID). You can use the Integration > Get Options endpoint to fetch all available options for a particular integration.

Below are the data fields for each integration type:

AWS Secrets Manager

FieldTypeDescription
pathstringThe path of the AWS Secret Manager secret
regionstringThe AWS region to create the secret (e.g. us-east-1)
tagsobject<string, string> (optional)Tags to attach to the AWS secrets

AWS Parameter Store

FieldTypeDescription
pathstringThe path of the parameters in AWS
regionstringThe AWS region to create the secret (e.g. us-east-1)
tagsobject<string, string> (optional)Tags to attach to the parameters
secure_stringboolean (optional)Whether or not the parameters should be created as secure strings (defaults to true)

Azure Vault (Service Principal)

FieldTypeDescription
sync_strategystringDetermines whether secrets are synced to a single secret (single-secret) as a JSON object or multiple discrete secrets (multi-secret).
vault_uristringThe Azure Vault URI for the vault secrets will be synced to.
single_secret_namestring (optional)The name of the secret being synced to when using the single-secret sync strategy. Ignored when using multi-secret sync strategy.

CircleCI

FieldTypeDescription
resource_typestringEither "project" or "context", based on the resource type to sync to
resource_idstringThe resource ID (either project or context) to sync to
organization_slugstringThe organization slug where the resource is located

Fly.io

FieldTypeDescription
app_idstringThe Fly.io app ID to sync to
restart_machinesbooleanWhether or not Doppler should automatically restart Fly.io machines after secrets are synced

GCP Secret Manager

FieldTypeDescription
sync_strategystringDetermines whether secrets are synced to a single secret (single-secret) as a JSON object or multiple discrete secrets (multi-secret).
regionsarrayThe GCP regions used for replication. Can include any supported GCP region or ["automatic"]. automatic cannot be used if other regions are listed.
formatstring (optional)Specifies the format secrets will be stored in. Either env or json. Defaults to json.
namestringThe name used to store the secret when sync_strategy is set to single-secret (note that the integration's gcp_secret_prefix will be prepended to this).

GitHub Actions

FieldTypeDescription
sync_targetstringEither "repo" or "org", based on the resource type to sync to
repo_namestring (repo only)The name of the GitHub repo
environment_namestring (optional, repo only)The name of the GitHub repo environment to sync to
org_scopestring (org only)Either "all" or "private", based on what repos you want to have access to the secrets inside the org

Heroku

FieldTypeDescription
project_typestringEither "app" or "pipeline", based on the resource type to sync to
pipeline_idstring (pipeline only)The Heroku pipeline ID to sync to
stagestring (pipeline only)The Heroku pipeline stage to sync to
app_idstring (app only)The Heroku app ID to sync to

Terraform Cloud

FieldTypeDescription
sync_targetstringEither "workspace" or "variableSet", based on the resource type to sync to
workspace_idstring (workspace only)The Terraform Cloud workspace ID to sync to
variable_set_idstring (variable set only)The Terraform Cloud variable set ID to sync to
variable_sync_typestringEither "terraform" to sync secrets as Terraform variables or "env" to sync as environment variables
name_transformstringA name transform to apply before syncing secrets: "none" or "lowercase"
Language
Credentials
OAuth2
Click Try It! to start a request and see the response here!