We’ve heard from a lot of you about the struggle to keep secrets and configs in check, and we totally get it! Before Change Requests, teams had two big challenges:
That’s why we built Change Requests - to give secrets the same thoughtful review process as code. Now you can:
Propose Changes: Anyone with a Viewer role can suggest updates or changes to secrets.
Change Requests are live today for all workplaces on our Enterprise plan. Head over to our docs to learn more!
Config Inheritance is live! Our new feature allows you to inherit all the secrets from other configs into new or existing projects, making reusing those common secrets easier. Any changes made in the parent project are pulled into the child project, including secret name changes, without copying and pasting. Users typically used Secret References as a great way to reuse the same value across multiple projects with the ability to change values in a single place. The downsides?
It is live today so head over to your Doppler dashboard to check it out, or dive into our docs for more details!
Config Inheritance is available exclusively for Team and Enterprise plans. On our Developer plan? Try Team for free!
Check out our latest white paper on The ROI of Secrets Management. Learn how effective secrets management can save your team time, reduce security risks, and drive significant ROI. Dive into real-world examples and key metrics that showcase the tangible benefits for your DevOps and security teams!
Validating value types in the Doppler UI was time-consuming and limited. Now, with faster validation, new types like “Direct Reference” and XML, and support for reading and setting value types in CLI v3.69.0, your workflow is more efficient than ever. Head over to the Doppler dashboard to check it out!
Managing secrets across personal configs was challenging with no way to reference secrets or share values between them. Now, you can easily reference secrets in personal configs from other personal configs. This allows you to consolidate and manage your secrets more efficiently, reducing redundancy, and improving security. Head over to the dashboard to check it out!
Now, you can set the Value Type of a secret to ensure the value is in the right format when it is saved in Doppler. You can select to validate types like JSON, JSON5, YAML, and many more from the Doppler Dashboard. This feature is available to all plans today. Read more in our documentation or see the feature in action here.
We’ve been busy improving Webhooks functionality with the goal of giving you more flexibility and control in how you work with Doppler. Here’s what we’ve released so far:
Ever spent hours debugging only to find out the culprit was an invisible character hiding in your secret value? Not anymore! Now you’ll see a warning displayed whenever leading/trailing whitespaces, invisible characters, or any non-standard characters are present, avoiding future headaches. Rest easy knowing that your secret values are exactly as they should be.
From generating new tokens to keeping tabs on existing ones, everything you need is now at your fingertips with the ability to fully manage Service Account Access Tokens through the Doppler API. This update not only simplifies token management but also introduces the capability to set expiration dates for each token. Perfect for those who are looking for more efficiency in their expanding projects and teams.
The Doppler Terraform provider v1.6.0 is here, now with advanced support for managing users within groups. This significant update is tailored for scalability and efficiency, particularly for our enterprise-scale users, enabling more granular control and streamlined configuration of your environments.
Say goodbye to the frustration of sifting through endless configurations to locate a specific secret. The ability to now search by Secret Value allows you to effortlessly paste a secret into the search bar and instantly pinpoint every configuration it's linked to, saving you valuable time. This feature is being rolled out to your workplace over the coming days.
As January comes to a close, we're not just keeping up with resolutions, we're setting the bar higher. Keep reading to see how we turned ambitious goals into achievable realities!
We started off 2024 by letting go of our old look and unveiling a bold new era of secrets management: sleek design paired with an identity that reflects the enterprise security powerhouse we've become. Read about how we approached this project in this post from our Head of Design.
We’ve released Dark Mode into our product dashboard. Our dashboard now seamlessly adapts to your OS system settings or you can personalize your view with a simple toggle from the new menu at the top right corner. Enjoy the dashboard in your preferred viewing experience!
As the year winds down and the chill sets in, we're heating things up with new updates. Dive in to discover how we're keeping your productivity hot even as the temperatures drop!
Personal Configs are now available to users on all plans and are designed to alleviate these pain points by automatically creating a branch config for each developer that has access to that environment, such as the dev environment. This personal config is private, accessible only to that developer. Personal configs will also help standardize onboarding by allowing you to add a doppler.yaml file to your repo with dev_personal to auto-configure the Doppler CLI in development.
With Personal Configs automatically enabled in all new dev environments by default, the tedious tasks of manual creation, deletion, and conflict resolution of personal branches are a thing of the past. This not only streamlines your workflow but also bolsters security and individual efficiency, ensuring a smoother, more personalized, and conflict-free config management experience. Check out our documentation for more details and also learn how to enable Personal Configs on existing environments.
To address this, we've introduced the ability to view and 'undo' dismissed secrets. This enhancement brings back crucial oversight, allowing you to easily manage and reintroduce previously dismissed secrets into the 'Action Required' section as well as a new Managed Dismiss Secrets option in the menu on each environment of a project. It's a vital step towards ensuring transparency and efficiency in your team's secrets management, keeping your projects streamlined and secure. Go the secrets editor page in a config to try it for yourself.
Happy Halloween! 🎃 No tricks, just treats from us this month. Our latest product updates and features are so good, it's scary!
Our latest update supercharges your CI/CD workflows by enabling automatic triggers whenever your secrets change, including via automated secrets rotation. Additionally, you can now set up webhooks on a per-config basis for easier management of multiple setups. Plus, we've added more details to activity and config logs whenever webhooks change to increase auditability. Webhooks work with a variety of platforms out-of-the-box to make it as easy as possible to set up.
We’ve enhanced our Team Plan offerings to better suit the growing needs of organizations. Team plan workplaces now have the ability to unlock a few key Enterprise-grade features without leaving their current plan. Add-ons allow you to enable User Groups, Custom Roles, or a higher integration sync limit for just an additional $9/seat/month for each add-on. Head to your workplace Billing page to check them out.
Fall is in the air, and we're falling head over heels for our latest product updates and features. Keep reading to harvest the benefits of what we've been cultivating.
There’s a new significant enhancement to your Doppler dashboard—the ability to generate secret values directly within the platform. You can now create secure, random secrets without the need to switch between different tools. Simply hover over the secret, then click the 'Generate' button in the action bar. This feature not only simplifies the secret generation process, but it also streamlines secret management for your entire team, centralizing the creation and access of secrets all in one convenient location.
You now have centralized visibility of all your integration syncs directly from the Settings page. Gone are the days of clicking into each individual project and drilling down further to find out where your syncs are set up. Now, you can see all this information in one consolidated view, right from Settings. This update not only saves you time but also provides a clearer, more efficient way to view all of your syncs and their status.
We've supercharged our global search functionality, located conveniently in the top navigation bar, to allow you to search for secrets by name across your entire Workplace. This isn't just a tweak; it's an enhancement designed to make using Doppler more efficient and user-friendly. No more sifting through projects or environments—find exactly what you're looking for, right when you need it, all from one central location. And we've got some even bigger search improvements on the way!
We’ve launched Service Accounts on our Team and Enterprise plans to help companies improve their programmatic experience with Doppler at scale.
Service Accounts are a cross-project authentication mechanism not associated with an individual user. Similar to Doppler users, Service Accounts can be granted project and workplace access, and will soon be compatible with groups. Under the hood, they are comprised of tokens that can be rolled or deleted anytime.
Ready to start using Service Accounts? Head over to your workplace’s “Teams” section to get started or check out our docs to learn more.
We’ve revamped our new user onboarding with a dedicated Getting Started page. This will be shown to new users on our Developer plan with a future expansion to new users on all plans coming later.
Secrets can now be assigned a visibility - un-masked, masked, or restricted - giving Workplaces greater control over how and where a secret can be accessed from.
We’ve updated the experience for users creating new Workplaces. This improved UX brings improved performance and allows users to provide information to eventually personalize the next phase of their onboarding and allow them to get started faster.
We’re excited to welcome Railway to our growing list of available integrations. Railway is an infrastructure platform enabling teams to provision infrastructure, develop with that infrastructure locally, and then deploy to the cloud. The Doppler and Railway integration ensures that secrets from a selected config will be immediately and continuously sync with Railway projects.
This integration is pre-built and doesn’t require any additional code to set up. You can learn more about the integration here.
We’ve added the ability to forward any action taken in Doppler directly into Datadog, providing greater insight into your teams activity across your infrastructure. To start forwarding logs to Datadog you’ll need to create a new API key for Doppler to use, and then enter that API key into Doppler. That’s it! Now all subsequent actions you take in Doppler will be forwarded to Datadog.
Learn more about Datadog Log Forwarding in our guide.
Today, we welcome Fly.io to the growing list of Doppler integrations. Fly.io is a platform for running full-stack apps and databases close to your users.
Doppler users will now have an easier way to leverage secrets in Fly.io. Our integration ensures secrets are securely synced to Fly.io any time you make an update to a Doppler config.
This integration is pre-built and doesn’t require any additional code to set up. You can learn more about the integration here.
Universal Import is now available for any partner site. Use Universal Import to push secrets directly to engineering services and production infrastructure with the click of a button. Learn more, get the code, and install from our Import hub.
The Cmd + K shortcut now triggers the search experience on the config page.
Fixed an issue that prevented secrets that had previously been renamed from being promoted.
Once approved, a PR submitter can merge their own PRs. Learn more about Pull Requests.
Users can now close any PR they open. Learn more about Pull Requests.
Fixed an issue where a user couldn’t view PRs they’d submitted. Learn more about Pull Requests.
Fixed an issue where the Kubernetes Operator didn’t detect changes to referencing secrets. Learn more about using Doppler with Kubernetes.
Launched essential flow for a new feature, Universal Import, currently in Internal Access.
Release date coming later this year. Learn more about Universal Import.
Doppler is now part of the GitHub Student Developer Pack, educating students with industry best practices for managing secrets.
Check out our announcement post to learn more.
Utilize the familiar Pull Request workflow to make changes in Doppler. Reach out to support@doppler.com for access and check out the docs to learn more.
The Doppler Terraform provider will now retry requests up to 10 times to help combat intermittent request failures.
The cli now support mounting a temporary file for applications to read secrets from. The file is automatically torn down when the doppler cli exits. Learn more here.
Custom Roles allow an organization on the Doppler Enterprise plan to define roles to fit their specific use case - as granular as needed.
Sync your secrets directly to Render with our new native integration. Learn more here.
The Doppler Terraform provider now supports projects, environments, and configs. Check out the docs here.
Provision AWS IAM users just-in-time with a defined TTL. Check out our docs to learn more.
Default Project Environments ensure consistency across all of your Doppler projects.
Forward Doppler activity logs to Splunk or Sumo Logic to strengthen your SIEM posture.
Service Tokens now support writes, expanding the possible use cases even further.
Getting started with Doppler is even easier now that you can import your existing secrets via drag and drop with support for ENV, JSON, and YAML formats.
To prevent potential token leakage by malicious process list monitoring, the CLI can now be configured with a Service Token using stdin.
The Group detail page in the Team section now displays the list of Projects it can access.
Have a secret that needs to be rotated monthly, say a database url? You can now configure recurring reminders on individual secrets in each environment.
User Groups provide the fine-grained access controls required by large and enterprise organizations for managing Project ACLs at scale.
Learn more by visiting our User Groups documentation.
Email and password accounts can now add a Face ID/TouchID MFA security key.
Enable Doppler SAML SSO for Azure Active Directory with our step-by-step guide to creating a Doppler AD Enterprise application.
In addition to comparing individual secrets, you can now diff two configs from the same project.
It's now possible to create ephemeral Service Tokens by setting an expiration time.
Perfect for set-and-forget short-term access use cases.
Our GitHub Actions integration now supports syncing secrets to any GitHub Environment defined for that repository.
You can now promote individual secrets from a branch to the root config. No copy and paste required!
We've updated our pricing to provide a 75% discount for students and non-profits for the lifetime of their account.
To get the discount applied create a workplace on the Team plan and then contact our support team to have the discount applied. That's it!
Our Heroku integration now supports syncing secrets for Pipeline applications.
Installing the Doppler CLI using the install.sh script now supports binary signature verification using the `--verify-signature` flag.
Learn more by visiting our CLI installation documentation.
You can now choose whether to keep or delete secrets synced from Doppler when removing an integration.
You can now customize the name when cloning a Config in the dashboard and CLI.
The Doppler CLI can now be installed as an Alpine package.
Get installation commands at https://docs.doppler.com/docs/enclave-installation.
The new Integrations tab provides quick access to the connected integrations for a specific Config.
Learn how to sync Doppler secrets to Cloudflare Pages environment variables in a single command using our new Cloudflare Pages Environment Variables documentation.
You can now configure workplace activity logs to be sent to a Microsoft Teams channel.
See the Microsoft Teams documentation to learn more.
Doppler CLI v3.30.0 has been released with new auto-completion enhancements and fish shell support.
Webhooks can now be scoped to a specific environment, perfect for triggering automatic redeploys on platforms such as Vercel and Netlify.
As an example, check out how to configure automatic production redeploys on Vercel using Doppler webhooks.
Secrets can now be downloaded in YAML format from the dashboard.
You can now easily reconnect an integration that is failing to sync from the project's integrations page.
We've made it easier to integrate Doppler into your CircleCI workflows by supporting the syncing of individual secrets.
Learn more at our CircleCI Integration documentation.
In the event you need to test an integration, you can now trigger a sync manually from the integrations page.
We've improved the dashboard UI with our new secret action bar, putting operations such as comparing secrets just 1-click away.
Check out our new guide that shows how to integrate Doppler with @VisualStudio Code for #Python applications using our new doppler-env Python package.
Learn more at our Visual Studio Code Python documentation.
You can now apply secret changes across multiple environments with a single click! Especially handy when adding a new secret.
The new search filtering and pagination features on the Team page make it fast and easy to review access permission levels organization wide.
It's now easier to manage your GitHub Action secrets using Doppler as our integration has been updated to support the syncing of individual secrets.
Learn more at our GitHub Integration documentation.
Updating secrets and config values across environments just got a whole lot easier with our new multi-environments update feature!
Our CLI doppler open dashboard command just got smarter, taking you directly to the project you're working in!
Upgrade the CLI to the latest version by running doppler update.
Developers and organizations trust Doppler with securely managing and serving millions of secrets to their applications and we’re excited to announce that Doppler has achieved SOC 2 Compliance.
Read our announcement blog post to learn more.
Doppler Share now has a public facing API that supports sending secrets to the API in plain-text or encrypted using an AES-GCM symmetric key (recommended).
Learn more at https://docs.doppler.com/reference#share-secret.
Now you can securely manage secrets and environment variables for your DigitalOcean hosted applications with our DigitalOcean Marketplace App.
We're excited to be bringing our universal secrets management features to DigitalOcean and our embedded CLI injects secrets as environment variables for every language and framework.
Learn more at https://docs.doppler.com/docs/digitalocean.
Doppler is proud to be partnering with @ProductHunt Founder Club to give eligible start-ups 30% off their first 3 months (up to $5,000) on any Doppler subscription.
Learn more at https://www.producthunt.com/founder-club.
Doppler now has a permissions level of Viewer that provides read-only access to secrets. Any user with Viewer access must be explicitly added to each project.
Learn more in our Team Access documentation.
Ever had the issue where you don't know what an app config or secret is for? Or what values are allowed?
Wonder no more, as you can now add notes for each secret in the Doppler dashboard.
The Doppler CLI v3.23.1 now has shell completion that will be automatically configured on install for all non-Windows distributions.
Existing CLI installations can add shell completion by running `doppler completion install`.
Doppler Share is now integrated into the dashboard, allowing you to share a secret with a trusted external developer in just two-clicks!
Wish you could manage CircleCI secrets for every project from a single dashboard? Learn how in less than 5 minutes using our Doppler secrets sync guide for CircleCI.
Need to jump from your development environment to the Doppler dashboard? Don't manually open your browser—just run the doppler open command.
Check out our CLI Guide for more tips and tricks!
Doppler now supports Okta SCIM 2.0 for automatically provisioning and managing user access on our Team subscription.
Learn more at https://docs.doppler.com/docs/okta-scim.
We're excited to announce our new Azure App Services secrets integration, enabling you to centrally manage secrets for every Azure App Services application from the Doppler dashboard with secret updates synced instantly.
Want a single source of truth for managing k8s secrets? Check out our new guide for syncing Doppler secrets to Kubernetes using the Doppler CLI, environment variables, or a mounted config file.
Learn more at https://docs.doppler.com/docs/kubernetes.
Apple Silicon: One small step to convince yourself you need a new Mac. One giant leap for performance!
As of version v3.23.0, you can use the Doppler CLI at warp speed with our new native support for Apple silicon!
We built this so anyone share secrets with end-to-end encryption without needing to create an account or jump through any hoops.
Try it now - https://share.doppler.com.
Using secrets referencing, e.g ${SECRET_NAME} is now a breeze thanks to our new autocompletion UI, making it much easier to create a secret such DB_URL which combines all database secrets.
For example: postgres://${DB_USER}:${DB_PASSWORD}@${DB_HOST}:${DB_PORT}/${DB_NAME}
Learn more at https://docs.doppler.com/docs/enclave-secrets.
Using Cloudflare Workers? Check out our new guide for syncing Doppler secrets to Cloudflare with a single command you can easily integrate into your deployment workflow.
Learn more at https://docs.doppler.com/docs/cloudflare-workers.
Cloning a Doppler config is handy for troubleshooting, e.g cloning the QA environment to debug test failures, and you can now clone a config from the CLI with the doppler configs clone command.
The Doppler CLI now supports downloading secrets in YAML format, as well as runtime specific variants such as docker and env-no-quotes for use in GitHub Actions.
Learn more by running doppler secrets download --help
Check out our new secrets sync guide for Bitbucket Pipelines that uses a custom CI environment and branch configs to manage secrets for every environment from a single, unified dashboard.
Learn more at https://docs.doppler.com/docs/bitbucket-pipelines.
Manually editing environment variables in the Lambda console can be a thing of the past with our new Doppler secrets sync guide for AWS Lambda.
Learn more at https://docs.doppler.com/docs/aws-lambda.
Bootstrapping a project to use Doppler is now even easier, thanks to the new doppler secrets upload command. Supports uploading files in ENV and JSON formats.
We're constantly working with security researchers and professionals to improve our security posture and we invite you to collaborate with us by joining our public Vulnerability Disclosure Program.
Our shiny and new Doppler community forum, powered by the 100% open source @discourse forum is now live at https://community.doppler.com
At Doppler, we believe in helping not just developers, but the world they live in. Starting today we are taking our first step to help make that a reality by committing to donating 1% of each subscription to the removal of CO₂ from the atmosphere.
Tired of telling your team what Doppler project and config they need to select for a repository? Add a doppler.yaml file to auto-select the project and config for your repo when running doppler setup. Learn more at https://docs.doppler.com/docs/enclave-project-setup#local-development.
Starting in v3.16.0, CLI Tokens are now securely stored in the OS Keyring instead of the file system for macOS, Linux, and Windows.
You can now see which config a Service Token belongs to as the config name is built into the Service Token value. Thanks to @alexbouchardd for the suggestion!
Keeping dev tools up to date is hard, but not so with the Doppler CLI! Starting in version v3.16.0 you'll be prompted (once) to update your version whenever a new release becomes available.
Using GitLab CI / CD? Learn how to use Doppler to provide secrets to your CI / CD jobs in less than 5 minutes with our new secrets management guide for GitLab.
GitHub now scans your repos for Doppler tokens. Tokens found in public repos will be automatically revoked, preventing exposed tokens from being used to access your secrets.
See the official announcement from GitHub at https://github.blog/changelog/2020-12-07-github-now-scans-for-leaked-doppler-tokens
Wish AWS Secrets Manager had a nicer UI for managing app config instead of a JSON blob? Why not use Doppler's dashboard to automatically sync config changes to AWS Secrets Manager with our new integration! Learn more at https://docs.doppler.com/docs/aws-secrets-manager
Phil Karlton said, "naming things" was one of the toughest challenges in computer science. We agree, and thanks to our fantastic community and their feedback, we've changed the previous term "Enclave" in the Doppler dashboard and documentation to be "Projects. Much better!
Have a need for speed? Vercel is all about it! Now you can sync secrets from Doppler for every project, and environment with our new integration! Learn more at https://docs.doppler.com/docs/vercel
Using GCP Secrets Manager? Now Doppler can automatically keep your app config and secrets in sync across staging, production, and everything in-between using our new integration! Learn more at https://docs.doppler.com/docs/gcp-secret-manager
Deploying to Netlify? Now you can sync secrets from Doppler to Netlify for every project and environment with our new integration!
Learn more at https://docs.doppler.com/docs/netlify
Struggling to manage secret sprawl in GitHub Actions? You can now inject secrets from Doppler into your GitHub Action with our new integration. Learn more at https://docs.doppler.com/docs/enclave-github-actions
We’re trusted with serving millions of secrets to developers and their apps in a secure, performant, and reliable way. A love for security is built into the core of our DNA and you can help by joining Doppler's Vulnerability Disclosure Program at https://doppler.com/vdp
We love how vocal our community is in telling us what they need to manage secrets more effectively, and the most requested feature by far, has been the creation of custom environments.
And it's now here! 🎉🎉🎉
Deploying to Laravel Forge? Now you can sync secrets from Doppler to Forge automatically with our new integration! Learn more at https://docs.doppler.com/docs/enclave-laravel-forge-installation
Deploying to Heroku? Make life easy by having a single dashboard to configure all of your Heroku applications across different environments using our new integration, with changes synced instantly! Learn more at https://docs.doppler.com/docs/heroku
What is the shortest word in the English language that contains the letters: abcdef? Feedback! And that’s what we want to hear from you to make Doppler the best app config and secrets management tool by using the new Feedback widget, built right into our dashboard.
We're thrilled to announce that Ryan Blunden is joining Doppler full-time as a Developer Advocate. He loves creating documentation, educational videos, presenting, and joined Doppler to help developers everywhere manage their app configuration and secrets securely, and easily.
Outside of work, it's music and motorcycles that keep him busy and his location in Brisbane, Australia means he's always living in the future, at least by PST anyway.
Wish AWS Parameter Store had a developer experience like Doppler? Now it can with our new AWS Parameter Store integration. Instantly sync your app config and secrets! Learn more at https://docs.doppler.com/docs/aws-parameter-store
Doppler HQ is officially a thing, and while we do embrace remote first and pants optional programming, we love the camaraderie of working together in a physical space.
If you're in San Francisco, we'd love for you to stop by to chat about app config, secrets management, security, or you can get our CEO Brian to buy you a free Burrito!
Unless your Barbara Blackburn, who types at 212 words per minute, you're probably like us and prefer fewer keystrokes. That's why we've simplified the Doppler CLI to remove the enclave prefixed commands, so for example, doppler enclave setup is now doppler setup.
Want to help improve Doppler's security? Our security.txt shares how to do so safely and securely.
You can now run doppler update on any machine to automatically upgrade to the latest version. And it's lightning fast. Try it out!
Have a ton of duplicate secrets? Now you can add your secret to just one config and then reference it from everywhere else!
Here's how:
Once you have a secret being referenced, if you change that secret all references to it will automatically update.
In light of the recent Cloudflare DNS outage, we embarked on separating our status page infrastructure from our primary services. Our new status page is hosted at dopplerstatus.com and uses a different registrar and DNS provider than our doppler.com domain. This helps ensure that a domain-wide outage cannot bring down our status page.
Want to get notified in your service about changes in your configs? You can now easily setup webhooks and enable/disable them.
We are all super excited to introduce Ruud Visser to the Doppler team. Before joining Doppler, Ruud led backend API infrastructure at Instagram! We can't wait to see what he ships next.
If you are passionate about developer tools or security, we are hiring Full Stack Engineers, Security Engineers, Developer Advocates, and Designers. Come join us!
We've rolled out support for our most requested MFA method: security keys! You can now use a YubiKey and other WebAuthn-based security keys as an additional factor during login. Security keys can be added in addition to OTP/Authy, and we support multiple keys from day one. One piece of personal advice: always add a backup key!
Everyone should have a choice of if they want to be part of a workplace, regardless of their access. Now any user, including someone with member access, can leave a workplace.
Secret names are tricky to get right, you want them to be uppercased and use underscores to make sure they work everywhere. But remembering all these arbitrary rules isn't fun, so now you don't have to. Doppler will automatically map your secret names as you type, like converting a space to an underscore. Just type, we will handle the rest!
Storing your secrets in JSON? Well at least they aren't in an ENV file 😂. Now you can upload them in bulk with our JSON upload feature!
All new Enclave projects are now referenced by their name. This makes for a much smoother experience when interacting with our APIs and CLI.
Current projects will continue to use their existing slug. To switch an existing project to a name based slug, simply rename your project.
After recently deleting the wrong test config, we were humbly reminded that accidents happen. This led us to build our newest feature: config locking. Locking an Enclave config prevents it from accidentally being renamed or deleted. To perform one of these actions on a locked config, simply unlock.
The Doppler CLI is now a full-time CI resident! Check out the Action on GitHub Marketplace to start using it in your GitHub Workflows today.
For Homebrew users, you can now update the Doppler CLI with the doppler update command as of version 3.1.0.
Welcome to a more intuitive way to manage your secrets. Root configs work just like defaults but also comes with service tokens, Heroku sync, versioning, and much more.
Have you ever needed to combine secrets together? Maybe a shared hostname? Today you can reference secrets from within other secrets.
We've added support for setting up OTP via a manual key. This is in addition to the primary method of scanning a QR code. If you haven't set up OTP yet, try it out today!
…except for the new Doppler CLI. The legacy Node CLI and Node, Python, and Ruby clients will continue to work with our v1 APIs, but will NOT receive any security updates, bug fixes, or new features.
The new Doppler CLI is written in Go to ensure it remains lightweight, incredibly fast, and compatible on any OS without dependencies. Plus, it ensures your secrets are always encrypted.
We've rolled out a bunch of UI improvements and paper cut fixes this month. Here are a few of the things the team has released so far:
We've reduced our total page size by ~98% and load time by ~35%. To accomplish this, we now cache all static, public assets for up to 1 year. Assets are also cached by our globally-distributed CDN, meaning assets will always be served from a location near you.
We content-address all of our static assets. This is a method of naming the asset based on its content, typically using a hash function. Content-addressing ensures immutability by guaranteeing that the asset's name changes whenever its content does. For example, instead of loading doppler-logo.png, we load something like doppler-logo-a24a706d.png.
This funky naming enables us to crank caching up to the max. We specify a cache policy of public, max-age=31536000, immutable, must-revalidate. Let's break down what this means:
Our users trust Doppler with their secrets. In return, Doppler trusts users to take account security seriously. After all, the most secure systems are still only as secure as their weakest link.
To help improve account security for all users, we'll now prompt you to set up 2FA on your next login. We'll also do so after performing a password reset.
This helps ensure your secrets are shielded from poor password hygiene, which is an ongoing goal of ours.
Ever wanted to compare your database url or any other secret across development to production? With the Compare Secret feature, you can!
See the changes your team makes whenever an Enclave config is updated! View the config log to go deeper into which values were modified.
This major release is packed with features for local development.
Here's one: doppler run now automatically keeps a local, encrypted backup of your secrets. If the Doppler API or your internet connection ever goes down, you'll still be able to boot your app.
Remember, the CLI only takes 3 steps to set up locally:
For a full list of new features and breaking changes, check out the release notes.
(Ok, we cheated on step 2 with the &&. But we also included the installation, which we could've left out, just to show you how easy that is too!)
Automate your infrastructure with webhooks from Doppler. Get notified when anything in your Enclave project changes.
Brownie Points: Doppler signs the webhook request with a secret you provide to verify it is coming from us.
Protect your account with OTP 2FA, an open standard for two-factor authentication.
To encourage best practices, service tokens are now only displayed once during initial creation. After creation, you'll need to generate a new service token to retrieve its value. This helps ensure that you're using a unique service token for each service.
We are excited to ship one of our most requested features: Renaming Secrets!
Have you ever needed to upload a multi-line secret like a certificate? Now you can today!
To help keep customers safe, we now securely check users' passwords against public data breaches. If your password has previously been exposed in a data breach, we'll display a notice during login that requires you to change your password. More info:
We use the k-Anonymity model to anonymously and securely check if your password has been part of any past, public data breaches. Specifically, during login we now take a SHA1 hash of your password. The first 5 characters of this hash are sent to the popular Have I Been Pwned (HIBP) service. HIBP returns a list of all hashes it knows about that start with the same 5-character suffix. Our servers then compare each returned hash against the full SHA1 hash of the user's password. If there is a match, we prompt the user to change their password.
This process can only be performed during login and when changing your password because that's the only time Doppler has access to a user's plaintext password. We store bcrypt hashes of passwords in our database, meaning it would be computationally infeasible to perform this HIBP check at any other time. Additionally, the computed SHA1 hash is used only for the HIBP service and is never persisted outside of application memory.
We'll likely talk more about password security at a future date. For now, we encourage all of our customers to follow these best practices, as we do internally:
We're proud to announce the release of our new Doppler CLI! This release introduces some exciting new features:
All other Doppler client libraries have now been deprecated. This will allow us to more rapidly iterate on features and improve the productivity of our customers.
Thank you to all of our customers for another amazing year. We've got some enormous things cooking for 2020- stay tuned!
Thanks & Happy New Year! 🎉
Pro Tip: Save your secrets in Doppler with the CMD + Enter shortcut!
Doppler now supports multi-line secrets such as certificates. Just paste and save!
Powerful search gets you to where you want to go. Stay on your keyboard while navigating your workplace with "s" keyboard shortcut.
Doppler's Defaults feature is the easiest way to roll out a new variable to your entire CI/CD pipeline. At a glance, see which variables in an environment are synced or diverged from Defaults.
See your activity logs as they come in without ever having to leave Slack!
On Heroku? Keep your app's config vars in sync with Doppler through automated 2 way sync. Setup Heroku Sync in under 2 minutes.
Checkout our new documentation hub! Explore the CLI and automate your flows with our API. Access the hub directly through the dashboard through the docs link.
Securely view your environment variables without worry of someone peeking over your shoulder...
Using Single Sign-On providers like Okta or OneLogin? We have great news, you can now onboard your entire organization with our enterprise SAML SSO + JIT (Just In Time) feature. Request access today by reaching out to our enterprise team.
Upload your environment variables in bulk with file upload. Paste the contents of your .env and Doppler will handle the rest!
Protect your account from hackers with 2FA through our partner Authy. Enable 2FA today on your Doppler account by clicking here!
All traffic to doppler.market will now be redirected. Behind the scenes, here are some updates:
We're pumped to show you what else we have in store for 2019. Thanks for sharing with us the amazing feedback and the opportunity to make an impact on your journey.
For any comments, feedback, or support related questions, feel free to reach us at hello@doppler.com.
Thanks & Happy New Year! 🎉
We believe in transparency at Doppler, especially something as important as your variables/secrets. To continue this effort, we are launching a status page.
Have visibility over all workplace changes — from a bird's-eye view with Activity Logs and a worm's-eye view with Audit Logs.
Activity Logs
As workplace owners and admins, see how your team operates from a high level. From in-pipeline activity to user access modifications, Activity Logs show it all.
Audit Logs
Oftentimes, your teammates may suddenly update environment variables, and you don't know who changed what. Now, you can see who's making every change down to each character. If need be, the rollback feature comes in handy...
As of today, you can roll your Doppler API key as needed. For owners, the ability to roll any other teammate's API key on the team page is also available.
If you have external team members, like contractors, you're able to create one-off Doppler API keys that grant access to only a single environment.
Trusted by the world’s best DevOps and security teams. Doppler is the secrets manager developers love.