Doppler Secrets Buildkite Plugin

A Buildkite plugin for exposing secrets from Doppler to your build steps.

Plugin State: Beta

---

Requirements

The doppler CLI must be installed!

Examples

The following pipeline uses a Service Token to set all secrets as environment variables. The Service Token is set on the runner through the enviroment variable DOPPLER_TOKEN.

steps:
  - command: "echo $MY_SECRET"
    plugins:
      - muhlba91/doppler-secrets#v1.1.0

You can also directly specify the token (insecure!):

steps:
  - command: "echo $MY_SECRET"
    plugins:
      - muhlba91/doppler-secrets#v1.1.0:
          token: dp.XXX

Personal Tokens are also supported but require setting project and config:

steps:
  - command: "echo $MY_SECRET"
    plugins:
      - muhlba91/doppler-secrets#v1.1.0:
          project: project
          project-config: prod

If you want to control what secrets are being exposed you can specify the variables parameter:

steps:
  - command: "echo $MY_SECRET"
    plugins:
      - muhlba91/doppler-secrets#v1.1.0:
          secrets:
            - MY_SECRET

Warning

The plugin does not perform variable sanitation!

---

Configuration

Optional

token (optional, string)

The Buildkite token to use (Service Token, or Personal Token).

Example: dp.XXX

project (optional, string)

The Doppler project to read the secrets from.

Required for Personal Tokens!

Example: project

project-config (optional, string)

The Doppler configuration within the set project to read the secrets from.

Required for Personal Tokens!

Example: prod

secrets (optional, array)

Sets the secrets to be read as environment variables.

Attention: at the moment, this forces multiple calls to Doppler, and incurs performance penalty!

Example: [ "MY_SECRET1", "MY_SECRET2" ]

---

License

MIT (see LICENSE)

Supporting

If you enjoy the application and want to support my efforts, please feel free to buy me a coffe. :)