General

Each sync integration type has its own configuration parameters which must be provided in the data field. Some parameter values are completely user-defined (e.g. AWS Secret Manager path) but others are identifiers from the external service (e.g. Fly.io app ID). You can use the Integration > Get Options endpoint to fetch all available options for a particular integration.

Below are the data fields for each integration type:

AWS Secrets Manager

Field	Type	Description
path	string	The path of the AWS Secret Manager secret
region	string	The AWS region to create the secret (e.g. us-east-1)
tags	object<string, string> (optional)	Tags to attach to the AWS secrets
use_doppler_suffix	boolean (optional)	Whether or not to append "doppler" to the end of the provided path (defaults to true)

AWS Parameter Store

Field	Type	Description
path	string	The path of the parameters in AWS
region	string	The AWS region to create the secret (e.g. us-east-1)
tags	object<string, string> (optional)	Tags to attach to the parameters
secure_string	boolean (optional)	Whether or not the parameters should be created as secure strings (defaults to true)

Azure Vault (Service Principal)

Field	Type	Description
sync_strategy	string	Determines whether secrets are synced to a single secret (`single-secret`) as a JSON object or multiple discrete secrets (`multi-secret`).
vault_uri	string	The Azure Vault URI for the vault secrets will be synced to.
single_secret_name	string (optional)	The name of the secret being synced to when using the `single-secret` sync strategy. Ignored when using `multi-secret` sync strategy.

CircleCI

Field	Type	Description
resource_type	string	Either "project" or "context", based on the resource type to sync to
resource_id	string	The resource ID (either project or context) to sync to
organization_slug	string	The organization slug where the resource is located

Fly.io

Field	Type	Description
app_id	string	The Fly.io app ID to sync to
restart_machines	boolean	Whether or not Doppler should automatically restart Fly.io machines after secrets are synced

GCP Secret Manager

Field	Type	Description
sync_strategy	string	Determines whether secrets are synced to a single secret (`single-secret`) as a JSON object or multiple discrete secrets (`multi-secret`).
regions	array<string>	The GCP regions used for replication. Can include any supported GCP region or `["automatic"]`. `automatic` cannot be used if other regions are listed.
format	string (optional)	Specifies the format secrets will be stored in. Either `env` or `json`. Defaults to `json`.
name	string	The name used to store the secret when sync_strategy is set to `single-secret` (note that the integration's `gcp_secret_prefix` will be prepended to this).

GitHub (Actions, Codespaces, Dependabot)

Field	Type	Description
feature	string	One of `actions`, `codespaces`, or `dependabot` (defaults to `actions`)
sync_target	string	Either "repo" or "org", based on the resource type to sync to
repo_name	string (repo only)	The GitHub repo name to sync to (only used when `sync_target` is set to "repo")
environment_name	string (optional, repo only)	The GitHub repo environment name to sync to (only used when `feature` is set to "actions" and `sync_target` is set to "repo")
org_scope	string (org only)	Either "all" or "private", based on the which repos you want to have access (only used when `sync_target` is set to "org")
sync_unmasked_as_variables	boolean (optional)	When enabled, causes secrets with the `unmasked` visibility type to get synced as GitHub Action Variables (only used when `feature` is set to "actions"). Defaults to `false`.

GitHub Codespaces

Field	Type	Description
feature	string	Must be exactly `codespaces`
sync_target	string

Heroku

Field	Type	Description
project_type	string	Either "app" or "pipeline", based on the resource type to sync to
pipeline_id	string (pipeline only)	The Heroku pipeline ID to sync to
stage	string (pipeline only)	The Heroku pipeline stage to sync to
app_id	string (app only)	The Heroku app ID to sync to

Terraform Cloud

Field	Type	Description
sync_target	string	Either "workspace" or "variableSet", based on the resource type to sync to
workspace_id	string (workspace only)	The Terraform Cloud workspace ID to sync to
variable_set_id	string (variable set only)	The Terraform Cloud variable set ID to sync to
variable_sync_type	string	Either "terraform" to sync secrets as Terraform variables or "env" to sync as environment variables
name_transform	string	A name transform to apply before syncing secrets: "none" or "lowercase"