Each sync integration type has its own configuration parameters which must be provided in the data
field. Some parameter values are completely user-defined (e.g. AWS Secret Manager path) but others are identifiers from the external service (e.g. Fly.io app ID). You can use the Integration > Get Options endpoint to fetch all available options for a particular integration.
Below are the data
fields for each integration type:
Field | Type | Description |
---|
path | string | The path of the AWS Secret Manager secret |
region | string | The AWS region to create the secret (e.g. us-east-1) |
tags | object<string, string> (optional) | Tags to attach to the AWS secrets |
Field | Type | Description |
---|
path | string | The path of the parameters in AWS |
region | string | The AWS region to create the secret (e.g. us-east-1) |
tags | object<string, string> (optional) | Tags to attach to the parameters |
secure_string | boolean (optional) | Whether or not the parameters should be created as secure strings (defaults to true) |
Field | Type | Description |
---|
sync_strategy | string | Determines whether secrets are synced to a single secret (single-secret ) as a JSON object or multiple discrete secrets (multi-secret ). |
vault_uri | string | The Azure Vault URI for the vault secrets will be synced to. |
single_secret_name | string (optional) | The name of the secret being synced to when using the single-secret sync strategy. Ignored when using multi-secret sync strategy. |
Field | Type | Description |
---|
resource_type | string | Either "project" or "context", based on the resource type to sync to |
resource_id | string | The resource ID (either project or context) to sync to |
organization_slug | string | The organization slug where the resource is located |
Field | Type | Description |
---|
app_id | string | The Fly.io app ID to sync to |
restart_machines | boolean | Whether or not Doppler should automatically restart Fly.io machines after secrets are synced |
Field | Type | Description |
---|
sync_strategy | string | Determines whether secrets are synced to a single secret (single-secret ) as a JSON object or multiple discrete secrets (multi-secret ). |
regions | array<string> | The GCP regions used for replication. Can include any supported GCP region or ["automatic"] . automatic cannot be used if other regions are listed. |
format | string (optional) | Specifies the format secrets will be stored in. Either env or json . Defaults to json . |
name | string | The name used to store the secret when sync_strategy is set to single-secret (note that the integration's gcp_secret_prefix will be prepended to this). |
Field | Type | Description |
---|
sync_target | string | Either "repo" or "org", based on the resource type to sync to |
repo_name | string (repo only) | The name of the GitHub repo |
environment_name | string (optional, repo only) | The name of the GitHub repo environment to sync to |
org_scope | string (org only) | Either "all" or "private", based on what repos you want to have access to the secrets inside the org |
Field | Type | Description |
---|
project_type | string | Either "app" or "pipeline", based on the resource type to sync to |
pipeline_id | string (pipeline only) | The Heroku pipeline ID to sync to |
stage | string (pipeline only) | The Heroku pipeline stage to sync to |
app_id | string (app only) | The Heroku app ID to sync to |
Field | Type | Description |
---|
sync_target | string | Either "workspace" or "variableSet", based on the resource type to sync to |
workspace_id | string (workspace only) | The Terraform Cloud workspace ID to sync to |
variable_set_id | string (variable set only) | The Terraform Cloud variable set ID to sync to |
variable_sync_type | string | Either "terraform" to sync secrets as Terraform variables or "env" to sync as environment variables |
name_transform | string | A name transform to apply before syncing secrets: "none" or "lowercase" |