doppler-secrets

Get all secrets

$ doppler secrets

$ doppler secrets get [secrets]

$ doppler secrets upload [path/to/file.env]

$ doppler secrets delete [secrets]

$ doppler secrets download --format=env --no-file > [path/to/.env]

doppler secrets <command> [options]
doppler secrets <subcommand> [flags]

ls
    Lists all secrets for the current project and configuration. Can be filtered or output in JSON format.

get <secret_name>
    Retrieves the value of a specific secret. Requires the secret's name.

edit
    Opens an interactive editor (e.g., `vi`, `nano`) to modify secrets for the current project and configuration.

download
    Downloads secrets to a local file, typically in `.env` or JSON format, allowing for easy integration with local applications.

upload
    Uploads secrets from a local file (e.g., `.env`) to a Doppler project and configuration.

update <secret_name>
    Updates the value of a specific secret directly from the command line, non-interactively.

rename <old_name> <new_name>
    Renames an existing secret.

delete <secret_name>
    Deletes a specific secret from the current project and configuration.

describe <secret_name>
    Provides details about a specific secret, including its value and related information.

--project <name>
    A global flag to specify the Doppler project to operate on. Overrides any context set by `doppler configure` or environment variables.

--config <name>
    A global flag to specify the Doppler configuration (environment) within the project. Overrides any context set by `doppler configure` or environment variables.

--json
    A global flag to output results in JSON format, useful for scripting and programmatic consumption.

The doppler-secrets Linux command, typically invoked as doppler secrets, is part of the Doppler CLI, a powerful interface for interacting with the Doppler Universal Secrets Platform.

Doppler provides a centralized system for managing sensitive information like API keys, database credentials, and environment variables across all your application environments (development, staging, production). It helps development teams eliminate hardcoded secrets, reduce security risks, and ensure consistent secret management practices.

The doppler secrets subcommand specifically focuses on the management of individual secrets within your Doppler projects and configurations. It allows users to list, retrieve, modify, upload, and download secrets securely from the command line, making it an essential tool for integrating secrets into CI/CD pipelines, local development environments, and server deployments.

The doppler secrets command requires authentication with your Doppler account. This is typically done via doppler login or by setting the DOPPLER_TOKEN environment variable.

Proper project and configuration (environment) selection is critical to ensure you are managing secrets in the correct scope. Incorrect usage could lead to unintended exposure or modification of sensitive data.

The command relies on network connectivity to the Doppler API. Without it, secret operations will fail.

Before using doppler secrets, you must authenticate the CLI with your Doppler account. This is typically done by running doppler login and following the prompts, or by setting the DOPPLER_TOKEN environment variable with a valid Doppler API token.

The doppler CLI operates within a defined project and configuration (environment) context. This context can be set globally using doppler configure, or overridden per-command using the --project and --config flags. Understanding your current context is crucial for managing secrets effectively.

Doppler was founded with the goal of providing a secure and scalable platform for managing application secrets. The Doppler CLI, including the doppler secrets subcommand, has been a core component of the Doppler ecosystem since its early days (around 2019-2020). Its development has focused on providing a seamless developer experience, integrating with popular tools and services, and adhering to best practices in secrets management. The command has evolved to support a wide range of secret operations, reflecting the growing complexity of modern application deployments.

vault(1), aws ssm, gcloud secrets, git-secret(1), direnv(1)