A Buildkite plugin for exposing secrets from Doppler to your build steps.
Plugin State: Beta
The doppler
CLI must be installed!
The following pipeline uses a Service Token to set all secrets as environment variables.
The Service Token is set on the runner through the enviroment variable DOPPLER_TOKEN
.
steps:
- command: "echo $MY_SECRET"
plugins:
- muhlba91/doppler-secrets#v1.1.0
You can also directly specify the token (insecure!):
steps:
- command: "echo $MY_SECRET"
plugins:
- muhlba91/doppler-secrets#v1.1.0:
token: dp.XXX
Personal Tokens are also supported but require setting project
and config
:
steps:
- command: "echo $MY_SECRET"
plugins:
- muhlba91/doppler-secrets#v1.1.0:
project: project
project-config: prod
If you want to control what secrets are being exposed you can specify the variables
parameter:
steps:
- command: "echo $MY_SECRET"
plugins:
- muhlba91/doppler-secrets#v1.1.0:
secrets:
- MY_SECRET
The plugin does not perform variable sanitation!
The Buildkite token to use (Service Token, or Personal Token).
Example: dp.XXX
The Doppler project to read the secrets from.
Required for Personal Tokens!
Example: project
The Doppler configuration within the set project to read the secrets from.
Required for Personal Tokens!
Example: prod
Sets the secrets to be read as environment variables.
Attention: at the moment, this forces multiple calls to Doppler, and incurs performance penalty!
Example: [ "MY_SECRET1", "MY_SECRET2" ]
MIT (see LICENSE)
If you enjoy the application and want to support my efforts, please feel free to buy me a coffe. :)