Grok Build

1. Install the CLI and log into Doppler

2. Create an agent-only config

Branch off your dev environment to create an isolated config so you control the agent's blast radius.

Branch configs are prefixed with the environment slug. dev_agent_grok lives under dev and inherits from its root unless you override.

3. Add only the secrets the agent needs

Scope it down so Grok Build picks up XAI_API_KEY from the environment. Grok Build signs in through the browser by default. Headless and non-browser runs authenticate with XAI_API_KEY, so keeping the key here means it never lands in a shell profile.

Do not let the agent populate or modify its own secrets. A human decides what goes in this config; the token in the next step is read-only, so the agent can't write back. Add any work credentials the agent legitimately needs to this same config so they inject together, keeping it minimal.

4. Mint a scoped, read-only, expiring token

Bound to this one config, with an expiration so a leaked token dies on its own. Capture it into an environment variable so the next steps can reference it without pasting the raw value around.

Service tokens are read-only by default. The agent can fetch secrets, never change them. This is the agent's identity.

5. Scope the CLI token to the working directory

Bind the agent's token to a single directory so the CLI only uses it there. Run this from the folder Grok Build will work in.

The --scope . flag locks the token to the current directory. Any doppler command run inside that folder, the doppler run launch below, and anything Grok Build itself invokes, resolves with this scoped agent token and never your personal CLI token.

Note: Run the agent in a sandbox scoped to that directory. And proceed with caution on production workloads: a non-deterministic agent with live credentials is real blast radius, so keep it pointed at dev/test configs unless you have a specific reason not to.

6. Run Grok Build through Doppler

Doppler injects the config's secrets as environment variables, and Grok Build inherits them. No .env, and when the process exits, the secrets are gone.

7. Connect the Doppler MCP server

Steps 1-6 give Grok Build the credentials it runs with. The MCP server lets Grok Build see and operate Doppler itself: list projects, inspect a config, and understand the secret layout before depending on it. Useful in almost any session, so set it up alongside the injection above.

The MCP server uses the same scoped, read-only token you minted in step 4. Grok Build reads MCP servers from ~/.grok/config.toml and expands ${VAR} references in env at load time, so point DOPPLER_TOKEN at the token you exported in step 4 instead of pasting the raw value. Add --read-only because the server can't infer read-only from the token alone.

Alternatively, authenticate once with npx @dopplerhq/mcp-server login and drop the env line. Verify with grok mcp list and grok mcp doctor doppler.

Interested in more? Head back to the directory.

Pick Your Tool