LinuxCommandLibrary

doppler-secrets

Access secrets and configurations from Doppler

TLDR

Get all secrets

$ doppler secrets
copy

Get value(s) of one or more secrets
$ doppler secrets get [secrets]
copy

Upload a secrets file
$ doppler secrets upload [path/to/file.env]
copy

Delete value(s) of one or more secrets
$ doppler secrets delete [secrets]
copy

Download secrets as .env
$ doppler secrets download --format=env --no-file > [path/to/.env]
copy

SYNOPSIS

doppler-secrets set [-p PROJECT] [-c CONFIG] [-f FORMAT] [options]

PARAMETERS

--project, -p string
    Doppler project name (defaults to DOPPLER_PROJECT env var)

--config, -c string
    Doppler config name (defaults to DOPPLER_CONFIG env var)

--format, -f string
    Output format: env, dotenv, json, shell, yaml (default: env)

--token string
    Service token (defaults to DOPPLER_TOKEN env var)

--format-filter strings
    Regex filters to include only matching secrets

--clear
    Zero secrets from memory after output for security

--help, -h
    Show help and usage

--version, -v
    Print version information

DESCRIPTION

The doppler-secrets command is a static, standalone binary provided by Doppler, a modern secrets management platform. It enables secure injection of secrets into Linux environments, containers, CI/CD pipelines, and serverless functions without requiring the full Doppler CLI installation.

Primarily used via the set subcommand, it fetches secrets from a specified Doppler project and config using a service token, then outputs them in user-friendly formats like environment variables, JSON, or shell scripts. This is ideal for Dockerfiles, Kubernetes deployments, or GitHub Actions where minimal footprint is key.

For example, pipe output to a shell source: doppler-secrets set --format shell | source, or generate a .env file for dotenv-compatible apps. It supports filtering secrets, automatic token handling via environment variables, and memory clearing for enhanced security.

Unlike traditional vaults, it emphasizes zero-config token auth, millisecond latency, and audit logs, making it developer-friendly for dynamic secret propagation across cloud-native stacks.

CAVEATS

Requires outbound HTTPS to Doppler API (api.doppler.com); token needs read access; not for interactive use—designed for automation. No local caching; fetches fresh secrets each run.
Static binary size ~10MB; download from https://downloads.doppler.com/static/bin/.

INSTALLATION

Download binary: curl -sSfL https://cli.doppler.com/doppler-secrets-linux-amd64.tar.gz | tar xz. Make executable: chmod +x doppler-secrets.

EXAMPLE USAGE

doppler-secrets set -p myproj -c staging --format dotenv > .env
doppler-secrets set --format shell | source /dev/stdin && myapp.

HISTORY

Introduced by Doppler in 2021 as a minimal alternative to the full CLI for containerized workloads. Evolved with format support expansions (JSON/YAML in 2022) and Kubernetes integrations. Actively maintained for cross-platform static builds (Linux AMD64/ARM64).

SEE ALSO

doppler(1), env(1), printenv(1), export(1)

Copied to clipboard