From doppler
Manages Doppler secrets platform: CLI operations, project/config/environment management, secrets injection, CI/CD integrations, and security best practices.
How this skill is triggered — by the user, by Claude, or both
Slash command
/doppler:dopplerThis skill is limited to the following tools:
The summary Claude sees in its skill listing — used to decide when to auto-load this skill
Comprehensive assistance for the Doppler secrets management platform: CLI operations, project and config management, secrets injection, integration syncs, and security best practices.
Comprehensive assistance for the Doppler secrets management platform: CLI operations, project and config management, secrets injection, integration syncs, and security best practices.
Use this skill when the user mentions: "doppler", "secrets management", "doppler cli", "doppler secrets", "doppler run", "doppler setup", "doppler configs", "doppler projects", "secret injection", "doppler environments", "service tokens".
# macOS
brew install gnupg && brew install dopplerhq/cli/doppler
# Linux (Debian/Ubuntu)
apt-get update && apt-get install -y apt-transport-https ca-certificates curl gnupg
curl -sLf --retry 3 --tlsv1.2 --proto "=https" \
'https://packages.doppler.com/public/cli/gpg.DE2A7741A397C129.key' | \
gpg --dearmor -o /usr/share/keyrings/doppler-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/doppler-archive-keyring.gpg] https://packages.doppler.com/public/cli/deb/debian any-version main" | \
tee /etc/apt/sources.list.d/doppler-cli.list
apt-get update && apt-get install doppler
# Shell script (any OS)
curl -sLf --retry 3 --tlsv1.2 --proto "=https" https://get.doppler.com | sh
# Login (opens browser for auth)
doppler login
# Setup project in current directory (interactive)
doppler setup
# Non-interactive setup
doppler setup --project my-app --config dev --no-interactive
| Developer wants to... | Action |
|---|---|
| List all secrets | doppler secrets -p <project> -c <config> |
| Get a single secret | doppler secrets get SECRET_NAME -p <project> -c <config> |
| Set a secret | doppler secrets set KEY=value -p <project> -c <config> |
| Set multiple secrets | doppler secrets set KEY1=val1 KEY2=val2 |
| Delete a secret | doppler secrets delete SECRET_NAME |
| Run command with secrets | doppler run -- your-command --flags |
| Run with specific config | doppler run -p backend -c dev -- npm start |
| Download secrets as file | doppler secrets download --format env --no-file |
| List projects | doppler projects |
| List configs | doppler configs -p <project> |
| List environments | doppler environments -p <project> |
| Clone a config | doppler configs clone -p <project> -c <source> --name <new> |
| View activity logs | doppler activity |
| Check current setup | doppler configure debug |
| Open dashboard | doppler open |
| View who is authenticated | doppler me |
# Inject secrets as env vars for any command
doppler run -- node server.js
doppler run -- docker compose up
doppler run -- terraform apply
# Run a shell command string
doppler run --command "echo $DATABASE_URL && npm start"
# Only inject specific secrets
doppler run --only-secrets DATABASE_URL,API_KEY -- node server.js
# Mount as JSON file (ephemeral, cleaned up after process exits)
doppler run --mount secrets.json -- cat secrets.json
# Mount as .env file
doppler run --mount .env --mount-format env -- your-command
# Mount with template
doppler run --mount config.yaml --mount-template template.yaml -- your-command
# Substitute secrets into a template file
doppler secrets substitute template.env.tpl > .env
# Run with fallback file (writes encrypted secrets on success, reads on failure)
doppler run --fallback ./fallback.encrypted -- npm start
# Read-only fallback (never update the fallback file)
doppler run --fallback ./fallback.encrypted --fallback-readonly -- npm start
# Offline mode (read directly from fallback, no API contact)
doppler run --fallback-only --fallback ./fallback.encrypted -- npm start
Doppler organizes secrets in a hierarchy:
Workplace
└── Project (e.g. "backend", "frontend")
└── Environment (e.g. "development", "staging", "production")
└── Config (e.g. "dev", "stg", "prd")
└── Branch Config (e.g. "dev_feature-x")
Doppler can automatically sync secrets to external platforms:
| Platform | Use Case |
|---|---|
| AWS Secrets Manager / SSM | ECS, Lambda, EC2 deployments |
| GCP Secret Manager | GKE, Cloud Run, Cloud Functions |
| Azure Key Vault | AKS, App Service, Functions |
| Cloudflare Pages / Workers | Edge & Jamstack deployments |
| Vercel | Frontend/fullstack deployments |
| Firebase Functions / Hosting | Functions config & build-time secrets |
| Serverless Framework | Lambda/serverless function secrets |
| GitHub Actions | CI/CD secrets |
| Docker / Docker Compose | Container environment injection |
| Kubernetes | Secret objects via Doppler Operator |
| Terraform | Infrastructure as Code |
| Webapp.io | CI/CD Layerfile secrets |
| Heroku | PaaS deployments |
For CI/CD and production, use service tokens (read-only, scoped to a single config):
# Generate a service token via dashboard or API
# Use in CI/CD:
DOPPLER_TOKEN=dp.st.xxx doppler run -- your-command
# Or set as environment variable
export DOPPLER_TOKEN=dp.st.xxx
doppler secrets
doppler activity and dashboard audit logs--no-verify-tls in productionFor deep dives, consult these references:
| Reference | Content |
|---|---|
| CLI.md | Complete CLI command reference with all subcommands and flags |
| INTEGRATIONS.md | CI/CD, Docker, Kubernetes, cloud platform integration patterns |
doppler me to check current auth statusdoppler configure debug to see active configurationdoppler logindoppler configure get token --scope /path/to/projectdoppler configure debugdoppler setup in the project directorydoppler secrets -p project -c configdoppler run --preserve-env=falsedoppler run clean to remove old fallback filesdoppler run --fallback ./path -- echo okDOPPLER_TOKEN env var is set correctlyWhen helping with Doppler:
doppler CLI installed? Is user authenticated?--only-names for listingnpx claudepluginhub p/rube-de-doppler-plugins-dopplerScans projects for exposed secrets, recommends management providers, sets up secret storage and injection into CI/CD/deployments, audits configurations for infrastructure.
Guides Infisical secret integration into local CLI dev, Docker (build/runtime), CI/CD (GitHub Actions, GitLab CI), Kubernetes Operator, and app SDKs (Node.js, Python, Go, Java, .NET, Ruby). Covers machine identity auth setup.
Manages full lifecycle of secrets and environment variables: decides placement (constant, .env, CI secret, env var), scaffolds .env.example/.gitignore, add/update/rotate/remove/migrate/audit/provision across envs. Language-agnostic.