Changelog

Follow along with updates and improvements made to Doppler.

Filter
February 28, 2024
Improvements

February '24 Product Update

Manage Groups in Terraform

The Doppler Terraform provider v1.6.0 is here, now with advanced support for managing users within groups. This significant update is tailored for scalability and efficiency, particularly for our enterprise-scale users, enabling more granular control and streamlined configuration of your environments.

Search by Secret Value

Say goodbye to the frustration of sifting through endless configurations to locate a specific secret. The ability to now search by Secret Value allows you to effortlessly paste a secret into the search bar and instantly pinpoint every configuration it's linked to, saving you valuable time. This feature is being rolled out to your workplace over the coming days.

What else have we been up to?

  • Released CLI v3.67.0 with new configure flags command for customizing CLI behavior and enhanced security through addressed gosec issues.
  • Enhanced the Render integration with service pagination and sorting, improving organization and accessibility beyond the initial 100 services and a new option to redeploy the Render service whenever your secrets are synced.
  • Enhanced the Vercel integration with support for 'sensitive' environment variable types, with the option to now choose sensitive or encrypted , allowing for secure encryption and restricted access during the build stage, with 'sensitive' set as the default option for synced secrets.
  • Improved SSO integrations ensuring seamless acceptance of workplace invites.
  • Resolved an issue importing specific Hasura Cloud environment variables, ensuring seamless integration and configuration management.
  • Released DopplerHQ/secrets-fetch-action v1.1.3 now upgraded to Node 20 for enhanced compatibility ahead of Node 16's deprecation in GitHub Actions.
  • The API now supports filtering by email when listing group members and allows you to retrieve group memberships to verify whether users are part of a group.
  • Upgraded the compare page to alphabetically sort secrets allowing for accurate organization of secrets and configs during comparisons.
  • Updated global search results by removing the project list query limit, enabling workplaces with numerous projects to always locate their desired project efficiently.
January 30, 2024
Improvements

January '24 Product Update

As January comes to a close, we're not just keeping up with resolutions, we're setting the bar higher. Keep reading to see how we turned ambitious goals into achievable realities!

The New Era of Doppler

We started off 2024 by letting go of our old look and unveiling a bold new era of secrets management: sleek design paired with an identity that reflects the enterprise security powerhouse we've become. Read about how we approached this project in this post from our Head of Design.

Doppler’s Gone Dark

We’ve released Dark Mode into our product dashboard. Our dashboard now seamlessly adapts to your OS system settings or you can personalize your view with a simple toggle from the new menu at the top right corner. Enjoy the dashboard in your preferred viewing experience!

What else have we been up to?

  • Enhanced permissions around service token deletion to ensure a user must have access to the token’s project or config in order to delete it.
  • We've enhanced your search experience! Previously, selecting a shortcut from the search box with the Enter key caused a full page reload. Now, we've streamlined the process to use client-side navigation, making your searches quicker and smoother without unnecessary page refreshes.
  • Fixed an issue in Firefox which prevented selecting values in certain dropdown components
  • Addressed a potential error related to SCIM name attribute updates, enhancing compatibility and preventing silent failures.
  • Fixed an issue where rotated secret values could display stale values if they were actively being viewed when a rotation occurred.
  • Fixed an issue to ensure promoting restricted and unrevealed masked secrets works as expected.
  • Fixed an error that occurred when a user was attempting to reveal a secret that had been renamed but not saved.
  • Corrected a bug that caused rounding errors with large numbers during secret uploads.
  • Completed our migration to React bringing enhanced UI performance to the dashboard.
  • Resolved an issue preventing dismissal of reminders in branch configs.
  • Addressed a rare scenario that incorrectly allowed nested references.
  • Resolved an issue in revealing secrets that could inadvertently rate-limit users.
  • Made several UI improvements to CTA buttons as well as the Compare, secret visibility, and secret naming features.
  • Enhanced error management for smoother Netlify and Railway integrations.
  • Improved the config page experience by preventing the 'Action Required' list from reordering while typing.
  • Resolved multiple issues with importing and managing Hasura Cloud environment variables (starting with HASURA_CLOUD).
  • Resolved access issues for service accounts ensuring they can access projects they created.
  • Introduced a feature to redeploy services impacted during Railway integration syncs.
December 30, 2023
Improvements

December '23 Product update

  • Fixed an issue where service accounts did not have access to projects they created.
  • Continued our React migration with the Compare page in the Doppler dashboard.
November 29, 2023
Product Launches
Create Personal Configs and Manage Dismissed Secrets

Create Personal Configs and Manage Dismissed Secrets

As the year winds down and the chill sets in, we're heating things up with new updates. Dive in to discover how we're keeping your productivity hot even as the temperatures drop!


Create Personal Configs

Personal Configs are now available to users on all plans and are designed to alleviate these pain points by automatically creating a branch config for each developer that has access to that environment, such as the dev environment. This personal config is private, accessible only to that developer. Personal configs will also help standardize onboarding by allowing you to add a doppler.yaml file to your repo with dev_personal to auto-configure the Doppler CLI in development.

With Personal Configs automatically enabled in all new dev environments by default, the tedious tasks of manual creation, deletion, and conflict resolution of personal branches are a thing of the past. This not only streamlines your workflow but also bolsters security and individual efficiency, ensuring a smoother, more personalized, and conflict-free config management experience. Check out our documentation for more details and also learn how to enable Personal Configs on existing environments.

Manage Dismissed Secrets

To address this, we've introduced the ability to view and 'undo' dismissed secrets. This enhancement brings back crucial oversight, allowing you to easily manage and reintroduce previously dismissed secrets into the 'Action Required' section as well as a new Managed Dismiss Secrets option in the menu on each environment of a project. It's a vital step towards ensuring transparency and efficiency in your team's secrets management, keeping your projects streamlined and secure. Go the secrets editor page in a config to try it for yourself.

What else have we been up to?

  • Creating a new role is now simpler with the ability to copy permissions from any existing built-in role. You can also compare the permissions of any role with those of another aiding in more precise access control.
  • We’ve added new native sync integrations for Deno Deploy and Harness, making it even easier to manage your secrets within partner ecosystems.
  • Kubernetes Operator v1.5.0 has been released with added support for syncing subsets of secrets from Doppler configs via a new secrets property.
  • We've fixed a Preview Branch pagination issue with our Vercel integration sync that limited you to choosing from the first 20 branches. All preview branches are now selectable!
  • Links in the Integration area of Workplace Settings now take you to the sync management page where you'll find the sync in question, improving workflow efficiency.
  • Fixed an issue which was preventing AWS Postgres rotated secret integrations from being reconnected.
  • Our React migration is in the final stages with our Integrations page now migrated to React. This expands on our commitment to improving site page performance.
  • Fixed an issue where CircleCI syncs would fail with an Unknown Error (400) when attempting to sync to a standalone CircleCI organization with no external VCS attached.
  • Improved secret value validation for AWS Parameter Store syncs enhancing visibility of potential issues and workflows.
  • Enhanced sync integration error handling for both GitHub Actions and Vercel improving reliability.
October 30, 2023
Improvements
Major updates to Webhooks, new Postman integration, Team plan add-ons, bulk invite teammates, and more.

Major updates to Webhooks, new Postman integration, Team plan add-ons, bulk invite teammates, and more.

Happy Halloween! 🎃 No tricks, just treats from us this month. Our latest product updates and features are so good, it's scary!

Enhanced Webhooks

Our latest update supercharges your CI/CD workflows by enabling automatic triggers whenever your secrets change, including via automated secrets rotation. Additionally, you can now set up webhooks on a per-config basis for easier management of multiple setups. Plus, we've added more details to activity and config logs whenever webhooks change to increase auditability. Webhooks work with a variety of platforms out-of-the-box to make it as easy as possible to set up.

Team Plan Add Ons

We’ve enhanced our Team Plan offerings to better suit the growing needs of organizations. Team plan workplaces now have the ability to unlock a few key Enterprise-grade features without leaving their current plan. Add-ons allow you to enable User Groups, Custom Roles, or a higher integration sync limit for just an additional $9/seat/month for each add-on. Head to your workplace Billing page to check them out.

What Else Have We Been up To?

  • We’ve added a Postman integration to streamline your API development and testing process.
  • Workplaces can now manage Fly.io, Heroku, CircleCI, and Terraform Cloud integrations with added API support.
  • Invite multiple users to your workplace at once with our new bulk invite support by comma separating email addresses.
  • The GitHub Action sync repository selection dropdown is now sorted by name to streamline setup.
  • Fixed an issue with Laravel Forge syncs by resolving issues related to archived servers.
  • Optimized system performance when deleting large projects, environments, and configs.
  • Added API support for waiting to respond until the first sync completes when creating an integration sync.
  • When SAML settings are modified, or logging services are disconnected, workplaces will now be notified via email.
  • Experience a cleaner user interface with fixes for the config Copy Secrets menu in Safari and scroll issues on the Config page.
  • Updated Activity Logs for added or removed config Webhooks to help Workplaces keep track of changes.
  • Resolved issues with Github Actions and Heroku affecting new syncs being created.
September 27, 2023
Product Launches
Generate Secrets In-Dashboard, Centralize Your Integration Syncs, Manage Billing Options, Improved Access Controls, and More.

Generate Secrets In-Dashboard, Centralize Your Integration Syncs, Manage Billing Options, Improved Access Controls, and More.

Fall is in the air, and we're falling head over heels for our latest product updates and features. Keep reading to harvest the benefits of what we've been cultivating.

Generate Secrets

There’s a new significant enhancement to your Doppler dashboard—the ability to generate secret values directly within the platform. You can now create secure, random secrets without the need to switch between different tools. Simply hover over the secret, then click the 'Generate' button in the action bar. This feature not only simplifies the secret generation process, but it also streamlines secret management for your entire team, centralizing the creation and access of secrets all in one convenient location.

Centralized View of Syncs

You now have centralized visibility of all your integration syncs directly from the Settings page. Gone are the days of clicking into each individual project and drilling down further to find out where your syncs are set up. Now, you can see all this information in one consolidated view, right from Settings. This update not only saves you time but also provides a clearer, more efficient way to view all of your syncs and their status.

Enhanced Secret Search

We've supercharged our global search functionality, located conveniently in the top navigation bar, to allow you to search for secrets by name across your entire Workplace. This isn't just a tweak; it's an enhancement designed to make using Doppler more efficient and user-friendly. No more sifting through projects or environments—find exactly what you're looking for, right when you need it, all from one central location. And we've got some even bigger search improvements on the way!

What Else Have We Been Up To?

  • We’ve added new native sync integrations for Deno Deploy and Harness, making it even easier to manage your secrets within partner ecosystems.
  • Terraform Doppler Provider v1.3.0 is live with support for terraform import along with new resources for managing Doppler groups, service accounts, and project access.
  • Updated our AWS Secret Manager integration to allow you to configure Doppler to sync secrets with tags.
  • For Team and Enterprise Workplaces using Terraform, we’ve enhanced your experience by doubling the Read Rate Limits on each plan.
  • Introduced the capability to permanently redact previous versions of secrets from the version history tab for heightened security and compliance.
  • The Workplace Billing page has been updated to allow you to add or update your billing address and Tax ID, such as a European VAT Number, directly—making invoice handling more efficient and compliant.
  • As part of our ongoing effort to improve the user experience in Doppler, we've migrated our Users and Tokens pages to React, resulting in faster load times and enhanced responsiveness for more efficient secrets management.
  • We've rolled out several new API endpoints, enabling you to fetch and manage individual or custom roles, manage groups, project roles, project members, and handle service accounts with ease.
  • Managing members access to environments is now easier with our switch from a column view to a dropdown view, showing all environments available for you to choose from.
  • Added an option to disable machine restarts for Fly.io integration syncs, allowing you to have full control over your service’s restart behavior.
  • You can now easily search and sort projects by name in the dashboard, making it easier to find what you need.
  • Fixed an issue with our DigitalOcean integration where empty env var values would break the sync.
  • We've enhanced our webhook capabilities. You can now configure webhooks at the config level within each environment, giving you granular control over event triggers.
  • You’ll now see project and config information in API responses when listing an integration’s syncs.
  • We've separated Custom Roles into workplace and project categories for a more streamlined user experience.
  • To elevate your Netlify sync experience, we've added support for 'all contexts,' enabling seamless synchronization across multiple environments.
  • We've enhanced your controls by adding the ability to edit project access for groups and service accounts directly from their details page, simplifying user and service accounts management.
August 22, 2023
Improvements

New API Endpoint, Updates to Vercel Integration

August 16, 2023
Improvements

Updates to Groups Page, Secret Visibility Improvements, New API Endpoint

  • Our React migration continues with our Groups page converting over. This is part of a push to make Doppler more consistent and to improve overall speed and performance. Learn more about Groups.
  • Adding a new masked secret now automatically re-masks the value after saving it on the dashboard. Learn more about Secret Visibility Types.
  • Added a new API endpoint for deleting a secret.
  • Fixed an issue that was causing SSO buttons to render improperly.
  • Fixed an issue that could make it appear as if syncs were stuck processing.
August 15, 2023
Improvements
Doppler CLI v3.65.2

Doppler CLI v3.65.2

August 14, 2023
Product Launches
Kubernetes Operator v1.4.0, Discord Logging Service, Bitbucket and Hasura Cloud Syncs

Kubernetes Operator v1.4.0, Discord Logging Service, Bitbucket and Hasura Cloud Syncs

August 02, 2023
Improvements

CircleCI Integration Updated

  • Updated the CircleCI integration to support syncing to CircleCI Contexts. Learn more about our CircleCi integration.
  • Fixed an error where some users could not view the secrets page without the View All Integrations workplace permission.
  • Fixed a bug where workplaces that are not charged automatically were flagged as past due if they had an open invoice even though the invoice may not be past due.
August 01, 2023
Improvements

Secrets Tab Consolidated

  • The advanced secrets and secrets tabs have been consolidated with an easy to use dropdown added for selecting the appropriate config. This brings rotated secrets into a more central place. Learn more about Secrets Rotation.
July 31, 2023
Improvements

Terraform Provider v1.2.3, Gitlab Sync Integration, and Custom Roles Visibility

July 26, 2023
Improvements

Kubernetes v1.3.0 Released

July 25, 2023
Improvements

Updates to Terraform Sync Integration and Custom Roles Fix

July 24, 2023
Improvements

Secret Version History Displayed

  • We’ve added the ability to see a secret's version history displayed in a tab within the secret details drawer.
  • Implemented UX improvements around features that require a plan upgrade. This should improve clarity on what features are available in a Workplace's current plan and what would be available in a plan upgrade. Learn more about our plans and pricing.
July 23, 2023
Improvements

Doppler CLI Update

July 20, 2023
Improvements

Fly.io Integration Update

  • Fixed an issue with the Fly.io integration where secrets were being set in the Machine spec erroneously and another where deleted and renamed secrets weren't being synced properly.
July 19, 2023
Improvements

UI improvements to the New Project List View

  • Made some UI improvements to the new list view on the Projects page. These included updating the focus background to match the hover background color and fixing a visual issue where project descriptions would sometimes wrap to the next line in the middle of a word.
July 18, 2023
Product Launches
Service Accounts Now Available on Team and Enterprise Plans

Service Accounts Now Available on Team and Enterprise Plans

We’ve launched Service Accounts on our Team and Enterprise plans to help companies improve their programmatic experience with Doppler at scale.

Service Accounts are a cross-project authentication mechanism not associated with an individual user. Similar to Doppler users, Service Accounts can be granted project and workplace access, and will soon be compatible with groups. Under the hood, they are comprised of tokens that can be rolled or deleted anytime.

Ready to start using Service Accounts? Head over to your workplace’s “Teams” section to get started or check out our docs to learn more.

July 17, 2023
Improvements

Supabase Sync Integration Fix

July 16, 2023
Improvements
View Projects in List View

View Projects in List View

  • Viewing the projects page just got easier. We’ve added a new List View to the Projects page, and the ability to toggle between views, to make it easier to scan your projects.
July 12, 2023
Improvements

UX Improvement to Getting Started Page

  • Added automatic opening and closing of onboarding steps on the Getting Started page, shown to new users on the Developer plan, when users skip a step.
July 11, 2023
Product Launches
New Cloudflare Pages Integration and User Access Logs

New Cloudflare Pages Integration and User Access Logs

  • Added a User Access Log section to the User Details page. This allows you to view which configs and active masked secrets any user has accessed.
  • We’ve added a new Cloudflare Pages integration. Users can now sync secrets between Doppler and Cloudflare Pages.
July 10, 2023
Improvements

RSS Feed of the Changelog and Auto Update Support for the CLI via Winget Install

July 09, 2023
Improvements

Improvements to Getting Started and Uploading Secrets

  • The next task on the Getting Started page, shown to new users on the Developer plan, now automatically opens resulting in less clicks for users.
  • Fixed an issue where users were shown onboarding steps for tasks which they did not have appropriate access permissions to complete.
  • Fixed an issue where uploading JSON secrets via doppler secrets upload would result in an erroneous _ prefix on the secret name.
July 06, 2023
Product Launches
Doppler TUI, Updated CircleCI Integration, And More

Doppler TUI, Updated CircleCI Integration, And More

New

  • We’ve added a tui command to the CLI for editing secrets. This lets you move faster, is even easier to work with, involves less typing, and has all of the power of the CLI behind it. Learn more about the Doppler TUI.
  • Added a new keyboard shortcut, Cmd+S, to save secrets when on the Config page.

Improvement

  • Implemented Copy as primary action functionality when wanting to copy secrets to prevent downloading a file to the user's filesystem.
  • Released a security improvement requiring users to confirm any changes to their workplace’s billing and/or security emails. This prevents workplaces from specifying an email address they don’t control and spamming it with unwanted emails.
  • Updated our CircleCI integration's validation for API tokens to account for CircleCI's new token format. Learn more about our integrations.
  • Improved visibility of user plan limits for the Developer plan when adding the 6th user to their team. Learn more about our plans and pricing.
July 04, 2023
Improvements

Updated Limit Notification Text and Performance Improvements

  • Fixed a performance issue that could cause errors when creating large numbers of branch configs under some conditions.
  • Updated text user sees when they hit a plan limit to make it clearer to users that they can upgrade their plan to increase that limit. Learn more about our plans and pricing.
July 02, 2023
Improvements

CLI Support for Winget and New API Endpoint

  • Windows users have been asking us to rethink how our CLI is installed on Windows machines - improving the speed to installation and increasing efficiency. We had been blocked by our tooling support on this but had never forgotten about it. We are excited to announce that we have now added support for Winget to install our CLI using winget install doppler. Learn more about the Doppler CLI.
  • Added a new API endpoint for listing a workplace’s currently configured integrations. Learn more about the Integrations List endpoint.
June 30, 2023
Improvements

Fix to Activity Log Display

June 27, 2023
Improvements

Plan Name and Free Trial Countdown Added to Navigation

  • Fixed an issue where creating a project through the API would occasionally fail for users with certain custom roles. Learn more about Custom Roles.
  • Added the plan name to the Workplace dropdown menu to help users know which plan is associated with the Workplace they are currently in.
  • Added a countdown showing how much time remains in a free trial when the Workplace is in the trial period for the Team plan. Learn more about plans and pricing.
June 26, 2023
Improvements

Updated Azure Key Vault Integration

  • Fixed issue when using Compare where user could see environments but not secrets.
  • Added support for using the Azure Key Vault integration using a Service Principal for authentication.
June 25, 2023
Improvements

Timezone Fallback Added

  • Added a fallback to the default timezone name if the timezone comes through in an unexpected format. This prevents users being blocked from logging in to the dashboard if their browser provides an unexpected format and would use GMT+1, GMT-2:30, GMT+5:30, etc.
June 22, 2023
Improvements

Updates to Token Metadata API Endpoint, Environment Creation Permissions, Geolocation Enforcement, and More

  • We’ve expanded the fields available in our token metadata endpoint. This endpoint now includes the token name, slug, type, token_preview, created_at, and last_seen_at fields. Learn more about this endpoint here.
  • Users can now grant environment creation permissions without granting access to all environments or granting access to create configs. Learn more about team management here.
  • Users will now be required to re-authenticate in the Doppler dashboard when changing countries.
  • Fixed an issue where the sort order for secrets in the Action Required list wasn't always correct.
  • Fixed an issue where the 'Learn More' links on new user Pro Tips weren’t always clickable.
June 19, 2023
Improvements

Expanded Audience for Sync Error Notification and Timezone Improvements

  • All users with sync permissions will now receive the email notification when deleting secrets from a config fails. Previously, only Admins and Owners received the notification.
  • Fixed local timezone abbreviation issues that were occurring with non-ASCII characters.
June 15, 2023
Improvements

Dashboard Login Improvements

  • Fixed dashboard login issue that was affecting some users.
  • Now accept UTC in addition to GMT in timezone abbreviation to address login issue for some users in France.
June 14, 2023
Improvements

Improvements to Webhooks, Search, and Timestamps Display

  • Webhook payload now will include modified secret names. Learn More about webhooks.
  • Display friendly timezone name in timestamps instead of numeric timezone offset.
  • Extended our search capabilities to now allow for searching for config names when there are more than 20 configs in a project.
June 13, 2023
Improvements

Improvements to Deleted Secret Workflow, Activity Log Performance, Webhook Disabling Communications, and More

  • The secrets page will now display a warning message when deleting a secret that is referenced elsewhere. This should improve awareness about where secrets are referenced. Learn More about secret referencing.
  • Addressed locking errors that a couple of integrations were running into by moving to a different redis client.
  • Now sending emails to all users with webhooks permissions when a webhook is disabled. We previously only emailed Workplace Owner and Admin roles. Learn More about webhooks.
  • Updated the hover state on the Getting Started page, shown to new users, for each toggled section.
  • Migrated the Activity Log page to React which brings performance improvements and allows for future UX changes.
June 11, 2023
Improvements

Case name transform support

  • Added support for kebab case name transforms.
June 09, 2023
Improvements

Re-authentication Required When Geolocation Changes

  • Users now required to re-authenticate if their geolocation data changes.
June 08, 2023
Improvements

Improvements to Search UX and Engineering Fixes

  • Improved search bar UX showing appropriate state of search and in results shown.
  • Fixed issue where new user ProTip on Projects page would flicker.
  • Now only send secret reminder emails to users with necessary permissions on the affected environment.
June 05, 2023
Improvements

New API Endpoint, Updates to Fly.io Integration, and Engineering Fixes

  • Added API endpoint for retrieving metadata about current token.
  • Fly.io integration now automatically restarts Fly.io Machines under their V2 platform when secrets are synced.
  • Fixed issue with search bar not showing correct content based on the current page the user is on.
  • Fixed "reach out" links that were broken on the Billing page "Credit Card" and "Invoices" tabs.
  • UX fix to misalignment of Account Authentication sections buttons by centering vertically.
May 31, 2023
Improvements

Updates to Our Vercel Integration

May 30, 2023
Improvements

Fix for Sharing a Referenced, Restricted Secret

  • Fixed an issue that caused an error when attempting to share a secret that referenced a restricted secret.
May 25, 2023
Improvements

Doppler Share UI Updates

May 23, 2023
Improvements

Fix for Masked Secrets

May 22, 2023
Product Launches
Click-To-Reveal Secrets in Doppler and an Update to Terraform Cloud Sync

Click-To-Reveal Secrets in Doppler and an Update to Terraform Cloud Sync

  • Users can now click to reveal masked secrets in Doppler. This will help limit unnecessary secret reveals and improve audibility by only logging reads for secrets we're confident were seen by a user.
  • Added support for name transforms with an update to the Terraform Cloud sync. There is now a new option when creating syncs to convert secret names to lowercase to better support Terraform variable naming conventions.
May 18, 2023
Product Launches

New DigitalOcean Sync Integration, Qovery Integration, and Improvements to Github Actions and Activity Logs

  • We’ve added a new OAuth-based DigitalOcean App Platform sync integration. Users can now sync secrets to the DigitalOcean app platform and services will automatically re-deploy.
  • You can now sync Doppler secrets to Qovery applications, containers or jobs with our new Qovery integration.
  • Solved an issue where GitHub orgs with a large number of repos might experience timeouts when creating new Github Actions syncs. Learn More about our GitHub Actions integration.
  • Improved messaging in Activity Logs when there is no log data available in the last 30 days.
  • Updated our public API to support fetching only raw secret values.
  • Activity Logs will now track the use of referral credits for a Workplace.
May 11, 2023
Product Launches
Doppler VS Code Extension Now Available

Doppler VS Code Extension Now Available

May 10, 2023
Improvements

Monorepo Support for our CLI

May 08, 2023
Improvements

Rotate MongoDB Atlas Passwords

  • Secrets Rotation keeps getting better. You can now rotate MongoDB Atlas Passwords if your Workplace is on the Team plan or above.
  • Added support for updating the CLI in linux-based Windows environments. Learn more about our CLI.
  • Generating recovery codes is now part of enabling MFA.
May 03, 2023
Product Launches
Getting Started Page for New Users

Getting Started Page for New Users

We’ve revamped our new user onboarding with a dedicated Getting Started page. This will be shown to new users on our Developer plan with a future expansion to new users on all plans coming later.

May 02, 2023
Product Launches
Secret Visibility: More Control Over Your Secrets

Secret Visibility: More Control Over Your Secrets

Secrets can now be assigned a visibility - un-masked, masked, or restricted - giving Workplaces greater control over how and where a secret can be accessed from.

April 24, 2023
Product Launches

Terraform Cloud Sync Integration

  • Secrets can now be synced to Terraform Cloud with our new Terraform Cloud Sync Integration. Users no longer need to figure out how to pull in secrets themselves with this native integration.
  • Replaced the Authy SDK with a custom implementation that uses the Authy API directly. This reduces our code dependencies and addresses a vulnerability alert from the deprecated Authy package.
April 04, 2023
Improvements

New User Tooltips

  • Removed the in-product guided tour for new users and replaced it with native tooltips that users will discover as they navigate to new sections.
  • Fixed an issue that was causing environments in the Doppler dashboard to appear out of order.
  • Fixed an issue with Terraform which could cause errors when creating many Doppler configs concurrently in the same environment. Learn more about our Terraform integration.
March 29, 2023
Product Launches
Rotate GCP Service Account Keys, Assign Roles to User Groups, Leverage AWS Role Assumption, Create AWS Secret Manager Integrations with Terraform, and more!

Rotate GCP Service Account Keys, Assign Roles to User Groups, Leverage AWS Role Assumption, Create AWS Secret Manager Integrations with Terraform, and more!

  • You can now rotate GCP Service Account Keys with Doppler! Workplaces on Team and Enterprise plans can now experience how rotating the underlying service account keys instead of the key object itself improves auditability and consistency within their infrastructure while maintaining a strong security posture.
  • Use Terraform? Then you can now leverage our API or Terraform Provider to create AWS Secrets Manager Integrations + Syncs no matter what plan you’re on.
  • Want to assign a default role to an entire User Group? Now you can! Enterprise workplaces can now assign a default role to any User Groups. When a user group is added to a project, its role will default to whatever was assigned. Didn’t assign one? The group will fallback to the workplace default role. Learn more about User Groups here.
  • We’ve updated our AWS Secrets Manager and Parameter Store integrations to allow you to leverage AWS' preferred auth method of role assumption when setting up your integration. This allows users on any plan to improve their security posture by using the most secure method of integrating with AWS.
  • Added a helpful safeguard to prevent users from entering notification service URLs (like Slack) as project webhooks.
  • Added a link to the workplace Billing page for users on our Developer and Team plans to be able to request Doppler’s SOC 2 report.
  • Various page load performance improvements
  • Fixed a UI issue which caused some pages to appear completely blank when the browser window is very small
  • Fixed an issue where clicking a Secret from the top search box would not correctly scroll to the Secret if it wasn't visible at that moment
March 12, 2023
Product Launches

Supabase and Github Actions Secret Synching, New Per-Secret Access History, SCIM fixes, and more

  • We’ve added Supabase and GitHub Actions org secret syncing to our evolving list of integrations
  • The Access Logs tab has now been replaced with a new per-secret read history access pane. On any config, you can click the access log icon to display the access pane and see who has viewed any version of a secret. Read more in our docs here.
  • Improved autofocus when searching for a secret to help you find what you need faster.
  • Fixed an issue with SCIM which caused all members to be removed from a group for some SCIM providers. Learn more about SCIM here.
  • Fixed an issue with secrets referencing where self references could break when promoting a secret value to the root config. Learn more about Secret Referencing here.
March 05, 2023
Improvements
New Workplace Create Experience

New Workplace Create Experience

We’ve updated the experience for users creating new Workplaces. This improved UX brings improved performance and allows users to provide information to eventually personalize the next phase of their onboarding and allow them to get started faster.

February 22, 2023
Improvements

Engineering Updates

February 07, 2023
Improvements

Engineering Updates

January 30, 2023
Improvements

Engineering Updates

  • Updated our setup flow for GCP Secret Manager to allow users to narrow the permissions provided to Doppler's service account.
  • UX updates to simplify our new user onboarding flow.
January 23, 2023
Improvements

Secrets Rotation Beta Improvements

January 22, 2023
Improvements

Engineering Updates

January 15, 2023
Improvements

Engineering Updates

  • We've added an engine for Cloud SQL secret rotation. Learn More.
  • Increased secret limit for Fly.io integration users.
January 09, 2023
Improvements

Engineering Updates

  • Added support for revoking service tokens via their value (docs).
  • Improved performance of the secrets save operation.
  • Added token previews to the dashboard Service Tokens overview page. This is particularly helpful in identifying service tokens if you have the token's secret value but don't know which token it is.
January 04, 2023
Product Launches
Railway Integration

Railway Integration

We’re excited to welcome Railway to our growing list of available integrations. Railway is an infrastructure platform enabling teams to provision infrastructure, develop with that infrastructure locally, and then deploy to the cloud. The Doppler and Railway integration ensures that secrets from a selected config will be immediately and continuously sync with Railway projects.

This integration is pre-built and doesn’t require any additional code to set up. You can learn more about the integration here.

Datadog Log Forwarding

We’ve added the ability to forward any action taken in Doppler directly into Datadog, providing greater insight into your teams activity across your infrastructure. To start forwarding logs to Datadog you’ll need to create a new API key for Doppler to use, and then enter that API key into Doppler. That’s it! Now all subsequent actions you take in Doppler will be forwarded to Datadog.

‍Prerequisites to get started:

  • Ability to create a new Datadog API Key
  • Ability to edit Doppler Workplace Settings
  • Doppler Enterprise plan

Learn more about Datadog Log Forwarding in our guide.

December 21, 2022
Product Launches
Fly.io Integration

Fly.io Integration

Today, we welcome Fly.io to the growing list of Doppler integrations. Fly.io is a platform for running full-stack apps and databases close to your users.

Doppler users will now have an easier way to leverage secrets in Fly.io. Our integration ensures secrets are securely synced to Fly.io any time you make an update to a Doppler config.

This integration is pre-built and doesn’t require any additional code to set up. You can learn more about the integration here.

December 15, 2022
Improvements

Engineering Updates

  • Anyone who has write-access on a secret will receive reminders attached to a secret. Learn More about user roles.
  • Fixed a bug that prevented selecting and copying a secret value on the config log page.
December 05, 2022
Product Launches

Codefresh Integration

Codefresh integration now available. Learn More.

December 05, 2022
Improvements

Engineering Updates

Fixed an issue with button loading state in Settings.

December 01, 2022
Improvements

Engineering Updates

  • Added new protections to the Workplace Settings page. Learn more about Workplace permissions.
  • Updated setup instructions for Dynamic Secrets. Learn more about Dynamic Secrets.
November 29, 2022
Product Launches
Universal Import Now Available

Universal Import Now Available

Universal Import is now available for any partner site. Use Universal Import to push secrets directly to engineering services and production infrastructure with the click of a button. Learn more, get the code, and install from our Import hub.

November 17, 2022
Improvements

Engineering Updates

  • When a secret is imported via Universal Import, display in Activity Log. Learn more about Universal Import.
  • UX improvements for secrets rotation. Learn more about Secret rotation.
  • Automated rotation for Postgres is now available. Learn More.
  • Improved logic for validating MySQL usernames. Learn More.
  • Fixed issue with Azure AD SCIM not working due to auth error. Learn more about SCIM provisioning.
November 14, 2022
Improvements

Search Improvements

The Cmd + K shortcut now triggers the search experience on the config page.

November 14, 2022
Product Launches

Automated Secrets beta and native Fly.io integration

  • Automated Secrets rotation via API is now available in beta. Learn more about Secret rotation.
  • The native Fly.io integration is now available. Learn More.
November 07, 2022
Improvements

Search Improvements

Cmd + K can now be used to trigger the global search.

November 01, 2022
Improvements

Renaming Secrets Fix

Fixed an issue that prevented secrets that had previously been renamed from being promoted.

September 26, 2022
Improvements

Pull Requests Update

Once approved, a PR submitter can merge their own PRs. Learn more about Pull Requests.

September 22, 2022
Improvements

Pull Requests Update

Users can now close any PR they open. Learn more about Pull Requests.

September 19, 2022
Improvements

Pull Requests Update

Fixed an issue where a user couldn’t view PRs they’d submitted. Learn more about Pull Requests.

September 13, 2022
Improvements

Improvement to Kubernetes integration

Fixed an issue where the Kubernetes Operator didn’t detect changes to referencing secrets. Learn more about using Doppler with Kubernetes.

August 22, 2022
Improvements

Engineering Updates

  • Optimized data management for User Groups. Learn more about User Groups.
  • Fixed a Heroku integration issue that limits the number of Heroku apps shown during setup. Learn more about our Heroku integration.
  • Fixed an issue that prevented GitHub Actions integrations from being created. Learn more about our Github Actions integration.
August 22, 2022
Product Launches

Universal Import

Launched essential flow for a new feature, Universal Import, currently in Internal Access.

Release date coming later this year. Learn more about Universal Import.

August 13, 2022
Product Launches
Announcing our Doppler SecretOps for Students Program

Announcing our Doppler SecretOps for Students Program

Doppler is now part of the GitHub Student Developer Pack, educating students with industry best practices for managing secrets.

Check out our announcement post to learn more.

July 07, 2022
Product Launches
Beta: Doppler Pull Requests

Beta: Doppler Pull Requests

Utilize the familiar Pull Request workflow to make changes in Doppler. Reach out to support@doppler.com for access and check out the docs to learn more.

June 20, 2022
Improvements

Support for retries in the Doppler Terraform provider

The Doppler Terraform provider will now retry requests up to 10 times to help combat intermittent request failures.

May 31, 2022
Product Launches

Mount emphemeral .env, JSON, or custom files using the CLI

The cli now support mounting a temporary file for applications to read secrets from. The file is automatically torn down when the doppler cli exits. Learn more here.

April 19, 2022
Product Launches
New! Custom Roles are generally available

New! Custom Roles are generally available

Custom Roles allow an organization on the Doppler Enterprise plan to define roles to fit their specific use case - as granular as needed.

March 15, 2022
Product Launches
Native Render integration now available

Native Render integration now available

Sync your secrets directly to Render with our new native integration. Learn more here.

February 27, 2022
Improvements

New Doppler Terraform provider resources

The Doppler Terraform provider now supports projects, environments, and configs. Check out the docs here.

February 15, 2022
Product Launches
Dynamic Secrets for AWS IAM is available in beta

Dynamic Secrets for AWS IAM is available in beta

Provision AWS IAM users just-in-time with a defined TTL. Check out our docs to learn more.

January 26, 2022
Product Launches
Standardize your Doppler projects with Default Project Environments

Standardize your Doppler projects with Default Project Environments

Default Project Environments ensure consistency across all of your Doppler projects.

January 03, 2022
Product Launches
Forward activity logs to Splunk or Sumo Logic

Forward activity logs to Splunk or Sumo Logic

Forward Doppler activity logs to Splunk or Sumo Logic to strengthen your SIEM posture.

November 15, 2021
Improvements
Service Tokens Now Support Write Access

Service Tokens Now Support Write Access

Service Tokens now support writes, expanding the possible use cases even further.

November 09, 2021
Improvements

Drag and Drop to Import Secrets

Getting started with Doppler is even easier now that you can import your existing secrets via drag and drop with support for ENV, JSON, and YAML formats.

November 07, 2021
Improvements
Configure CLI with Service Token via stdin

Configure CLI with Service Token via stdin

To prevent potential token leakage by malicious process list monitoring, the CLI can now be configured with a Service Token using stdin.

November 01, 2021
Improvements
Group Project Membership

Group Project Membership

The Group detail page in the Team section now displays the list of Projects it can access.

October 28, 2021
Product Launches
Recurring Reminders

Recurring Reminders

Have a secret that needs to be rotated monthly, say a database url? You can now configure recurring reminders on individual secrets in each environment.

October 20, 2021
Product Launches
User Groups

User Groups

User Groups provide the fine-grained access controls required by large and enterprise organizations for managing Project ACLs at scale.

Learn more by visiting our User Groups documentation.

October 18, 2021
Product Launches
MFA Face ID/Touch ID Support iOS

MFA Face ID/Touch ID Support iOS

Email and password accounts can now add a Face ID/TouchID MFA security key.

October 13, 2021
Product Launches
Doppler SAML SSO for Azure Active Directory

Doppler SAML SSO for Azure Active Directory

Enable Doppler SAML SSO for Azure Active Directory with our step-by-step guide to creating a Doppler AD Enterprise application.

https://docs.doppler.com/docs/azure-ad-saml.

October 10, 2021
Product Launches
Compare Secret Configs

Compare Secret Configs

In addition to comparing individual secrets, you can now diff two configs from the same project.

September 30, 2021
Product Launches
Ephemeral Service Tokens

Ephemeral Service Tokens

It's now possible to create ephemeral Service Tokens by setting an expiration time.

Perfect for set-and-forget short-term access use cases.

September 28, 2021
Improvements
GitHub Environments Support

GitHub Environments Support

Our GitHub Actions integration now supports syncing secrets to any GitHub Environment defined for that repository.

September 08, 2021
Product Launches
Promote Branch Secrets to Root Config

Promote Branch Secrets to Root Config

You can now promote individual secrets from a branch to the root config. No copy and paste required!

September 07, 2021
Product Launches
Discounted Pricing for Students and Non-Profits

Discounted Pricing for Students and Non-Profits

We've updated our pricing to provide a 75% discount for students and non-profits for the lifetime of their account.

To get the discount applied create a workplace on the Team plan and then contact our support team to have the discount applied. That's it!

September 06, 2021
Improvements
Heroku Integration Pipeline Apps Support

Heroku Integration Pipeline Apps Support

Our Heroku integration now supports syncing secrets for Pipeline applications.

August 15, 2021
Security Updates
Verify Doppler CLI Binary for Install Script

Verify Doppler CLI Binary for Install Script

Installing the Doppler CLI using the install.sh script now supports binary signature verification using the `--verify-signature` flag.

Learn more by visiting our CLI installation documentation.

August 08, 2021
Improvements
Remove Integration Flow

Remove Integration Flow

You can now choose whether to keep or delete secrets synced from Doppler when removing an integration.

August 05, 2021
Improvements
Customize Name When Duplicating Config

Customize Name When Duplicating Config

You can now customize the name when cloning a Config in the dashboard and CLI.

August 03, 2021
Improvements
Doppler CLI Alpine Package

Doppler CLI Alpine Package

The Doppler CLI can now be installed as an Alpine package.

Get installation commands at https://docs.doppler.com/docs/enclave-installation.

August 02, 2021
Product Launches
Config Integrations Tab

Config Integrations Tab

The new Integrations tab provides quick access to the connected integrations for a specific Config.

July 13, 2021
Product Launches
Secrets Sync for Cloudflare Pages Environment Variables

Secrets Sync for Cloudflare Pages Environment Variables

Learn how to sync Doppler secrets to Cloudflare Pages environment variables in a single command using our new Cloudflare Pages Environment Variables documentation.

July 08, 2021
Product Launches
Send Activity Logs to a Microsoft Teams Channel

Send Activity Logs to a Microsoft Teams Channel

You can now configure workplace activity logs to be sent to a Microsoft Teams channel.

See the Microsoft Teams documentation to learn more.

July 07, 2021
Improvements
CLI v3.30.0 with improved auto-completion and fish shell support

CLI v3.30.0 with improved auto-completion and fish shell support

Doppler CLI v3.30.0 has been released with new auto-completion enhancements and fish shell support.

July 06, 2021
Improvements
Environment Specific Webhooks

Environment Specific Webhooks

Webhooks can now be scoped to a specific environment, perfect for triggering automatic redeploys on platforms such as Vercel and Netlify.

As an example, check out how to configure automatic production redeploys on Vercel using Doppler webhooks.

June 15, 2021
Product Launches
Download Secrets in YAML Format from the Dashboard

Download Secrets in YAML Format from the Dashboard

Secrets can now be downloaded in YAML format from the dashboard.

June 13, 2021
Product Launches
Reconnect Integrations

Reconnect Integrations

You can now easily reconnect an integration that is failing to sync from the project's integrations page.

June 10, 2021
Improvements
CircleCI Integration Now Syncs Individual Secrets

CircleCI Integration Now Syncs Individual Secrets

We've made it easier to integrate Doppler into your CircleCI workflows by supporting the syncing of individual secrets.

Learn more at our CircleCI Integration documentation.

June 08, 2021
Product Launches
Force Sync Integration

Force Sync Integration

In the event you need to test an integration, you can now trigger a sync manually from the integrations page.

June 06, 2021
Improvements
Secrets Action Bar

Secrets Action Bar

We've improved the dashboard UI with our new secret action bar, putting operations such as comparing secrets just 1-click away.

June 03, 2021
Product Launches
Debugging Python Apps in Visual Studio Code

Debugging Python Apps in Visual Studio Code

Check out our new guide that shows how to integrate Doppler with @VisualStudio Code for #Python applications using our new doppler-env Python package.

Learn more at our Visual Studio Code Python documentation.

May 30, 2021
Product Launches
Apply Secret Changes Across Multiple Environments

Apply Secret Changes Across Multiple Environments

You can now apply secret changes across multiple environments with a single click! Especially handy when adding a new secret.

May 06, 2021
Improvements
Team Page Search Filtering and Pagination

Team Page Search Filtering and Pagination

The new search filtering and pagination features on the Team page make it fast and easy to review access permission levels organization wide.

April 29, 2021
Improvements
GitHub Integration Now Syncs Individual Secrets

GitHub Integration Now Syncs Individual Secrets

It's now easier to manage your GitHub Action secrets using Doppler as our integration has been updated to support the syncing of individual secrets.

Learn more at our GitHub Integration documentation.

April 26, 2021
Product Launches
Multi-Environment Secret Updates

Multi-Environment Secret Updates

Updating secrets and config values across environments just got a whole lot easier with our new multi-environments update feature!

April 14, 2021
Improvements
Smarter Doppler CLI Open Command

Smarter Doppler CLI Open Command

Our CLI doppler open dashboard command just got smarter, taking you directly to the project you're working in!

Upgrade the CLI to the latest version by running doppler update.

April 12, 2021
Security Updates

Achieving SOC 2 Compliance

Developers and organizations trust Doppler with securely managing and serving millions of secrets to their applications and we’re excited to announce that Doppler has achieved SOC 2 Compliance.

Read our announcement blog post to learn more.

April 07, 2021
Product Launches
Announcing the Doppler Share API

Announcing the Doppler Share API

Doppler Share now has a public facing API that supports sending secrets to the API in plain-text or encrypted using an AES-GCM symmetric key (recommended).

Learn more at https://docs.doppler.com/reference#share-secret.

April 05, 2021
Product Launches
Secure Secrets Management for DigitalOcean Applications

Secure Secrets Management for DigitalOcean Applications

Now you can securely manage secrets and environment variables for your DigitalOcean hosted applications with our DigitalOcean Marketplace App.

We're excited to be bringing our universal secrets management features to DigitalOcean and our embedded CLI injects secrets as environment variables for every language and framework.

Learn more at https://docs.doppler.com/docs/digitalocean.

March 31, 2021
Product Launches
Doppler 30% Off First 3 Months in Partnership with Founder Club

Doppler 30% Off First 3 Months in Partnership with Founder Club

Doppler is proud to be partnering with @ProductHunt Founder Club to give eligible start-ups 30% off their first 3 months (up to $5,000) on any Doppler subscription.

Learn more at https://www.producthunt.com/founder-club.

March 29, 2021
Product Launches
Viewer Access Level

Viewer Access Level

Doppler now has a permissions level of Viewer that provides read-only access to secrets. Any user with Viewer access must be explicitly added to each project.

Learn more in our Team Access documentation.

March 24, 2021
Product Launches
Secret Notes in Doppler Dashboard

Secret Notes in Doppler Dashboard

Ever had the issue where you don't know what an app config or secret is for? Or what values are allowed?

Wonder no more, as you can now add notes for each secret in the Doppler dashboard.

March 22, 2021
Product Launches
Doppler CLI Shell Completion

Doppler CLI Shell Completion

The Doppler CLI v3.23.1 now has shell completion that will be automatically configured on install for all non-Windows distributions.

Existing CLI installations can add shell completion by running `doppler completion install`.

March 18, 2021
Improvements
Doppler Share Dashboard Integration

Doppler Share Dashboard Integration

Doppler Share is now integrated into the dashboard, allowing you to share a secret with a trusted external developer in just two-clicks!

March 15, 2021
Product Launches
Doppler Secrets Sync for CircleCI

Doppler Secrets Sync for CircleCI

Wish you could manage CircleCI secrets for every project from a single dashboard? Learn how in less than 5 minutes using our Doppler secrets sync guide for CircleCI.

March 10, 2021
Improvements
Open the Doppler Dashboard from the CLI

Open the Doppler Dashboard from the CLI

Need to jump from your development environment to the Doppler dashboard? Don't manually open your browser—just run the doppler open command.

Check out our CLI Guide for more tips and tricks!

March 08, 2021
Product Launches
Manage Doppler Team access with Okta SCIM 2.0

Manage Doppler Team access with Okta SCIM 2.0

Doppler now supports Okta SCIM 2.0 for automatically provisioning and managing user access on our Team subscription.

Learn more at https://docs.doppler.com/docs/okta-scim.

March 03, 2021
Product Launches
Azure App Services Secrets Sync Integration

Azure App Services Secrets Sync Integration

We're excited to announce our new Azure App Services secrets integration, enabling you to centrally manage secrets for every Azure App Services application from the Doppler dashboard with secret updates synced instantly.

March 01, 2021
Product Launches
Doppler Secrets Sync for Kubernetes

Doppler Secrets Sync for Kubernetes

Want a single source of truth for managing k8s secrets? Check out our new guide for syncing Doppler secrets to Kubernetes using the Doppler CLI, environment variables, or a mounted config file.

Learn more at https://docs.doppler.com/docs/kubernetes.

February 25, 2021
Improvements
Doppler CLI Apple Silicon Support

Doppler CLI Apple Silicon Support

Apple Silicon: One small step to convince yourself you need a new Mac. One giant leap for performance!

As of version v3.23.0, you can use the Doppler CLI at warp speed with our new native support for Apple silicon!

February 23, 2021
Product Launches
Announcing Doppler Share

Announcing Doppler Share

We built this so anyone share secrets with end-to-end encryption without needing to create an account or jump through any hoops.

Try it now - https://share.doppler.com.

February 21, 2021
Improvements
Doppler Secrets Referencing Autocompletion

Doppler Secrets Referencing Autocompletion

Using secrets referencing, e.g ${SECRET_NAME} is now a breeze thanks to our new autocompletion UI, making it much easier to create a secret such DB_URL which combines all database secrets.

For example: postgres://${DB_USER}:${DB_PASSWORD}@${DB_HOST}:${DB_PORT}/${DB_NAME}

Learn more at https://docs.doppler.com/docs/enclave-secrets.

February 18, 2021
Product Launches
Doppler Secrets Sync for Cloudflare Workers

Doppler Secrets Sync for Cloudflare Workers

Using Cloudflare Workers? Check out our new guide for syncing Doppler secrets to Cloudflare with a single command you can easily integrate into your deployment workflow.

Learn more at https://docs.doppler.com/docs/cloudflare-workers.

February 16, 2021
Product Launches
Doppler CLI Configs Clone Command

Doppler CLI Configs Clone Command

Cloning a Doppler config is handy for troubleshooting, e.g cloning the QA environment to debug test failures, and you can now clone a config from the CLI with the doppler configs clone command.

February 14, 2021
Product Launches

New Secrets Download Formats

The Doppler CLI now supports downloading secrets in YAML format, as well as runtime specific variants such as docker and env-no-quotes for use in GitHub Actions.

Learn more by running doppler secrets download --help

February 11, 2021
Product Launches
Doppler Secrets Sync for Bitbucket Pipelines

Doppler Secrets Sync for Bitbucket Pipelines

Check out our new secrets sync guide for Bitbucket Pipelines that uses a custom CI environment and branch configs to manage secrets for every environment from a single, unified dashboard.

Learn more at https://docs.doppler.com/docs/bitbucket-pipelines.

February 09, 2021
February 07, 2021
Product Launches
Doppler Secrets Sync for AWS Lambda

Doppler Secrets Sync for AWS Lambda

Manually editing environment variables in the Lambda console can be a thing of the past with our new Doppler secrets sync guide for AWS Lambda.

Learn more at https://docs.doppler.com/docs/aws-lambda.

February 03, 2021
Product Launches
Doppler CLI Upload Command

Doppler CLI Upload Command

Bootstrapping a project to use Doppler is now even easier, thanks to the new doppler secrets upload command. Supports uploading files in ENV and JSON formats.

February 01, 2021
Security Updates

Vulnerability Disclosure Program Now Public

We're constantly working with security researchers and professionals to improve our security posture and we invite you to collaborate with us by joining our public Vulnerability Disclosure Program.

January 24, 2021
Product Launches
Doppler Community Forum

Doppler Community Forum

Our shiny and new Doppler community forum, powered by the 100% open source @discourse forum is now live at https://community.doppler.com

December 30, 2020
Product Launches
December 2020 Updates

December 2020 Updates

Doppler Donating to Reduce CO₂ Emissions

At Doppler, we believe in helping not just developers, but the world they live in. Starting today we are taking our first step to help make that a reality by committing to donating 1% of each subscription to the removal of CO₂ from the atmosphere.

doppler.yaml Repo Config File

Tired of telling your team what Doppler project and config they need to select for a repository? Add a doppler.yaml file to auto-select the project and config for your repo when running doppler setup. Learn more at https://docs.doppler.com/docs/enclave-project-setup#local-development.

Doppler CLI Now Using OS Keyring For Auth Tokens

Starting in v3.16.0, CLI Tokens are now securely stored in the OS Keyring instead of the file system for macOS, Linux, and Windows.

Service Token Format Includes Config Name

You can now see which config a Service Token belongs to as the config name is built into the Service Token value. Thanks to @alexbouchardd for the suggestion!

Easy Doppler CLI Upgrades

Keeping dev tools up to date is hard, but not so with the Doppler CLI! Starting in version v3.16.0 you'll be prompted (once) to update your version whenever a new release becomes available.

Integrating Doppler with GitLab CI / CD

Using GitLab CI / CD? Learn how to use Doppler to provide secrets to your CI / CD jobs in less than 5 minutes with our new secrets management guide for GitLab.

GitHub now scans for leaked Doppler tokens

GitHub now scans your repos for Doppler tokens. Tokens found in public repos will be automatically revoked, preventing exposed tokens from being used to access your secrets.

See the official announcement from GitHub at https://github.blog/changelog/2020-12-07-github-now-scans-for-leaked-doppler-tokens

AWS Secrets Manager Integration

Wish AWS Secrets Manager had a nicer UI for managing app config instead of a JSON blob? Why not use Doppler's dashboard to automatically sync config changes to AWS Secrets Manager with our new integration! Learn more at https://docs.doppler.com/docs/aws-secrets-manager

Doppler "Enclave" Renamed to "Projects"

Phil Karlton said, "naming things" was one of the toughest challenges in computer science. We agree, and thanks to our fantastic community and their feedback, we've changed the previous term "Enclave" in the Doppler dashboard and documentation to be "Projects. Much better!

Vercel Integration

Have a need for speed? Vercel is all about it! Now you can sync secrets from Doppler for every project, and environment with our new integration! Learn more at https://docs.doppler.com/docs/vercel

November 29, 2020
Product Launches
November 2020 Updates

November 2020 Updates

GCP Secret Manager Integration

Using GCP Secrets Manager? Now Doppler can automatically keep your app config and secrets in sync across staging, production, and everything in-between using our new integration! Learn more at https://docs.doppler.com/docs/gcp-secret-manager

Netlify Integration

Deploying to Netlify? Now you can sync secrets from Doppler to Netlify for every project and environment with our new integration!

Learn more at https://docs.doppler.com/docs/netlify

GitHub Integration

Struggling to manage secret sprawl in GitHub Actions? You can now inject secrets from Doppler into your GitHub Action with our new integration. Learn more at https://docs.doppler.com/docs/enclave-github-actions

Invitation to Join our VDP Program

We’re trusted with serving millions of secrets to developers and their apps in a secure, performant, and reliable way. A love for security is built into the core of our DNA and you can help by joining Doppler's Vulnerability Disclosure Program at https://doppler.com/vdp

Custom Environments

We love how vocal our community is in telling us what they need to manage secrets more effectively, and the most requested feature by far, has been the creation of custom environments.

And it's now here! 🎉🎉🎉

Laravel Forge Integration

Deploying to Laravel Forge? Now you can sync secrets from Doppler to Forge automatically with our new integration! Learn more at https://docs.doppler.com/docs/enclave-laravel-forge-installation

Heroku Integration

Deploying to Heroku? Make life easy by having a single dashboard to configure all of your Heroku applications across different environments using our new integration, with changes synced instantly! Learn more at https://docs.doppler.com/docs/heroku

Feedback Modal in Dashboard

What is the shortest word in the English language that contains the letters: abcdef? Feedback! And that’s what we want to hear from you to make Doppler the best app config and secrets management tool by using the new Feedback widget, built right into our dashboard.

October 30, 2020
Product Launches
October 2020 Updates

October 2020 Updates

Ryan Blunden joining the team as Developer Advocate!

We're thrilled to announce that Ryan Blunden is joining Doppler full-time as a Developer Advocate. He loves creating documentation, educational videos, presenting, and joined Doppler to help developers everywhere manage their app configuration and secrets securely, and easily.

Outside of work, it's music and motorcycles that keep him busy and his location in Brisbane, Australia means he's always living in the future, at least by PST anyway.

AWS Parameter Store Integration

Wish AWS Parameter Store had a developer experience like Doppler? Now it can with our new AWS Parameter Store integration. Instantly sync your app config and secrets! Learn more at https://docs.doppler.com/docs/aws-parameter-store

Doppler HQ

Doppler HQ is officially a thing, and while we do embrace remote first and pants optional programming, we love the camaraderie of working together in a physical space.

If you're in San Francisco, we'd love for you to stop by to chat about app config, secrets management, security, or you can get our CEO Brian to buy you a free Burrito!

Doppler CLI removes enclave prefixed commands

Unless your Barbara Blackburn, who types at 212 words per minute, you're probably like us and prefer fewer keystrokes. That's why we've simplified the Doppler CLI to remove the enclave prefixed commands, so for example, doppler enclave setup is now doppler setup.

September 01, 2020
Security Updates
Security.txt

Security.txt

Want to help improve Doppler's security? Our security.txt shares how to do so safely and securely.

August 30, 2020
August 2020 Updates

August 2020 Updates

Universal CLI Updates

You can now run doppler update on any machine to automatically upgrade to the latest version. And it's lightning fast. Try it out!

Secrets Referencing

Have a ton of duplicate secrets? Now you can add your secret to just one config and then reference it from everywhere else!

Here's how:

  • Within a config: ${STRIPE_KEY}
  • Within a project: ${stg.STRIPE_KEY}
  • Across projects: ${billing.stg.STRIPE_KEY}

Once you have a secret being referenced, if you change that secret all references to it will automatically update.

New Status Domain

In light of the recent Cloudflare DNS outage, we embarked on separating our status page infrastructure from our primary services. Our new status page is hosted at dopplerstatus.com and uses a different registrar and DNS provider than our doppler.com domain. This helps ensure that a domain-wide outage cannot bring down our status page.

July 30, 2020
Product Launches
July 2020 Updates

July 2020 Updates

Enable/Disable Webhooks

Want to get notified in your service about changes in your configs? You can now easily setup webhooks and enable/disable them.

Welcome Ruud Visser 🔥

We are all super excited to introduce Ruud Visser to the Doppler team. Before joining Doppler, Ruud led backend API infrastructure at Instagram! We can't wait to see what he ships next.

If you are passionate about developer tools or security, we are hiring Full Stack Engineers, Security Engineers, Developer Advocates, and Designers. Come join us!

MFA: YubiKey support

We've rolled out support for our most requested MFA method: security keys! You can now use a YubiKey and other WebAuthn-based security keys as an additional factor during login. Security keys can be added in addition to OTP/Authy, and we support multiple keys from day one. One piece of personal advice: always add a backup key!

Members Can Now Leave A Workplace

Everyone should have a choice of if they want to be part of a workplace, regardless of their access. Now any user, including someone with member access, can leave a workplace.

Smarter Secret Names

Secret names are tricky to get right, you want them to be uppercased and use underscores to make sure they work everywhere. But remembering all these arbitrary rules isn't fun, so now you don't have to. Doppler will automatically map your secret names as you type, like converting a space to an underscore. Just type, we will handle the rest!

Hello JSON Upload

Storing your secrets in JSON? Well at least they aren't in an ENV file 😂. Now you can upload them in bulk with our JSON upload feature!

Project Slugs Reimagined

All new Enclave projects are now referenced by their name. This makes for a much smoother experience when interacting with our APIs and CLI.

Current projects will continue to use their existing slug. To switch an existing project to a name based slug, simply rename your project.

June 29, 2020
Product Launches
Lock your Enclave configs for added protection

Lock your Enclave configs for added protection

After recently deleting the wrong test config, we were humbly reminded that accidents happen. This led us to build our newest feature: config locking. Locking an Enclave config prevents it from accidentally being renamed or deleted. To perform one of these actions on a locked config, simply unlock.

May 30, 2020
Product Launches
May 2020 Updates

May 2020 Updates

Doppler CLI now available via GitHub Actions

The Doppler CLI is now a full-time CI resident! Check out the Action on GitHub Marketplace to start using it in your GitHub Workflows today.

A Self Updating CLI

For Homebrew users, you can now update the Doppler CLI with the doppler update command as of version 3.1.0.

April 07, 2020
Product Launches
Hello Root Configs, Goodbye Defaults

Hello Root Configs, Goodbye Defaults

Welcome to a more intuitive way to manage your secrets. Root configs work just like defaults but also comes with service tokens, Heroku sync, versioning, and much more.

March 04, 2020
Improvements
March 2020 Updates

March 2020 Updates

Secret Substitution

Have you ever needed to combine secrets together? Maybe a shared hostname? Today you can reference secrets from within other secrets.

Additional OTP 2FA Setup Methods

We've added support for setting up OTP via a manual key. This is in addition to the primary method of scanning a QR code. If you haven't set up OTP yet, try it out today!

February 26, 2020
Product Launches
February 2020 Updates

February 2020 Updates

All Clients are End of Life

…except for the new Doppler CLI. The legacy Node CLI and Node, Python, and Ruby clients will continue to work with our v1 APIs, but will NOT receive any security updates, bug fixes, or new features.

The new Doppler CLI is written in Go to ensure it remains lightweight, incredibly fast, and compatible on any OS without dependencies. Plus, it ensures your secrets are always encrypted.

UI Improvements

We've rolled out a bunch of UI improvements and paper cut fixes this month. Here are a few of the things the team has released so far:

  • Improvement: Count the number of secrets currently displayed
  • Improvement: Alert when adding a secret with a name that already exists
  • Improvement: API Reference for creating service tokens
  • Fix: Scrollbars no longer block secrets in config logs on certain browsers
  • Fix: Don't show 2FA flow when logging in with Google Auth
  • Fix: Feedback form now looks consistent across all pages
  • Fix: Changes page has bullet points and support for code snippets
  • Fix: Slack community link is working again

The Fastest Doppler Ever

We've reduced our total page size by ~98% and load time by ~35%. To accomplish this, we now cache all static, public assets for up to 1 year. Assets are also cached by our globally-distributed CDN, meaning assets will always be served from a location near you.

We content-address all of our static assets. This is a method of naming the asset based on its content, typically using a hash function. Content-addressing ensures immutability by guaranteeing that the asset's name changes whenever its content does. For example, instead of loading doppler-logo.png, we load something like doppler-logo-a24a706d.png.

This funky naming enables us to crank caching up to the max. We specify a cache policy of public, max-age=31536000, immutable, must-revalidate. Let's break down what this means:

  • public allows the asset to be cached by your browser and by our CDN
  • max-age=31536000 indicates the asset can be cached for 1 year
  • immutable asserts that the content really doesn't need to be rechecked if unexpired (why we need this)
  • must-revalidate ensures that the asset is re-requested once it expires

Evangelizing Two-Factor Auth

Our users trust Doppler with their secrets. In return, Doppler trusts users to take account security seriously. After all, the most secure systems are still only as secure as their weakest link.

To help improve account security for all users, we'll now prompt you to set up 2FA on your next login. We'll also do so after performing a password reset.

This helps ensure your secrets are shielded from poor password hygiene, which is an ongoing goal of ours.

Compare Secrets

Ever wanted to compare your database url or any other secret across development to production? With the Compare Secret feature, you can!

Activity Logs Diffs

See the changes your team makes whenever an Enclave config is updated! View the config log to go deeper into which values were modified.

CLI v2.0

This major release is packed with features for local development.

Here's one: doppler run now automatically keeps a local, encrypted backup of your secrets. If the Doppler API or your internet connection ever goes down, you'll still be able to boot your app.

Remember, the CLI only takes 3 steps to set up locally:

  1. brew install dopplerhq/cli/doppler / scoop / docker / other
  2. doppler login && doppler enclave setup
  3. doppler run -- node server.js <- or whatever your app is!

For a full list of new features and breaking changes, check out the release notes.

(Ok, we cheated on step 2 with the &&. But we also included the installation, which we could've left out, just to show you how easy that is too!)

January 30, 2020
Product Launches
January 2020 Updates

January 2020 Updates

Enclave Webhooks

Automate your infrastructure with webhooks from Doppler. Get notified when anything in your Enclave project changes.

Brownie Points: Doppler signs the webhook request with a secret you provide to verify it is coming from us.

2FA: OTP Support

Protect your account with OTP 2FA, an open standard for two-factor authentication.

Strengthening Service Tokens

To encourage best practices, service tokens are now only displayed once during initial creation. After creation, you'll need to generate a new service token to retrieve its value. This helps ensure that you're using a unique service token for each service.

Rename Secrets

We are excited to ship one of our most requested features: Renaming Secrets!

Multi-Line Secret Upload

Have you ever needed to upload a multi-line secret like a certificate? Now you can today!

Have I Been Pwned?

To help keep customers safe, we now securely check users' passwords against public data breaches. If your password has previously been exposed in a data breach, we'll display a notice during login that requires you to change your password. More info:

We use the k-Anonymity model to anonymously and securely check if your password has been part of any past, public data breaches. Specifically, during login we now take a SHA1 hash of your password. The first 5 characters of this hash are sent to the popular Have I Been Pwned (HIBP) service. HIBP returns a list of all hashes it knows about that start with the same 5-character suffix. Our servers then compare each returned hash against the full SHA1 hash of the user's password. If there is a match, we prompt the user to change their password.

This process can only be performed during login and when changing your password because that's the only time Doppler has access to a user's plaintext password. We store bcrypt hashes of passwords in our database, meaning it would be computationally infeasible to perform this HIBP check at any other time. Additionally, the computed SHA1 hash is used only for the HIBP service and is never persisted outside of application memory.

We'll likely talk more about password security at a future date. For now, we encourage all of our customers to follow these best practices, as we do internally:

  • Use a password manager for every account, regardless of its importance
  • Always enable 2FA! (but ideally avoid SMS and Voice 2FA)
  • Generate strong, random passwords with your password manager
  • Never reuse passwords

🎉 New Year, New CLI

We're proud to announce the release of our new Doppler CLI! This release introduces some exciting new features:

  • Forget about Doppler API Keys! Easier, more secure authentication with doppler login
  • Manage all your connected devices from the Doppler Dashboard
  • Simplified installation, including support for docker, brew, deb/apt, rpm/yum, and scoop. Also available as a standalone binary for Linux, macOS, and Windows.
  • 40% faster and only ~3MiB small

All other Doppler client libraries have now been deprecated. This will allow us to more rapidly iterate on features and improve the productivity of our customers.

Thank you to all of our customers for another amazing year. We've got some enormous things cooking for 2020- stay tuned!

Thanks & Happy New Year! 🎉

September 29, 2019
Improvements
September 2019 Updates

September 2019 Updates

"CMD + Enter" to Save

Pro Tip: Save your secrets in Doppler with the CMD + Enter shortcut!

Multi-Line Secrets

Doppler now supports multi-line secrets such as certificates. Just paste and save!

May 30, 2019
Improvements
May 2019 Updates

May 2019 Updates

Navigate Faster

Powerful search gets you to where you want to go. Stay on your keyboard while navigating your workplace with "s" keyboard shortcut.

Diverged from Defaults?

Doppler's Defaults feature is the easiest way to roll out a new variable to your entire CI/CD pipeline. At a glance, see which variables in an environment are synced or diverged from Defaults.

All the Logs, Now on Slack

See your activity logs as they come in without ever having to leave Slack!

April 29, 2019
Product Launches
April 2019 Updates

April 2019 Updates

Heroku Sync

On Heroku? Keep your app's config vars in sync with Doppler through automated 2 way sync. Setup Heroku Sync in under 2 minutes.

Documentation Hub

Checkout our new documentation hub! Explore the CLI and automate your flows with our API. Access the hub directly through the dashboard through the docs link.

February 27, 2019
Product Launches
February 2019 Updates

February 2019 Updates

Secure View

Securely view your environment variables without worry of someone peeking over your shoulder...

Going SSO!

Using Single Sign-On providers like Okta or OneLogin? We have great news, you can now onboard your entire organization with our enterprise SAML SSO + JIT (Just In Time) feature. Request access today by reaching out to our enterprise team.

January 30, 2019
Product Launches
January 2019 Updates

January 2019 Updates

File Upload

Upload your environment variables in bulk with file upload. Paste the contents of your .env and Doppler will handle the rest!

Launching 2FA

Protect your account from hackers with 2FA through our partner Authy. Enable 2FA today on your Doppler account by clicking here!

🎉 New Year, New Doppler

All traffic to doppler.market will now be redirected. Behind the scenes, here are some updates:

  • Status Page is now dopplerstatus.com.
  • Client Libraries now point to api.doppler.com.
  • CLI ~> 1.0.15
  • Node Client ~> 1.2.7
  • Python Client ~> 0.0.19
  • Ruby Client ~> 0.1.5

We're pumped to show you what else we have in store for 2019. Thanks for sharing with us the amazing feedback and the opportunity to make an impact on your journey.

For any comments, feedback, or support related questions, feel free to reach us at hello@doppler.com.

Thanks & Happy New Year! 🎉

December 30, 2018
Product Launches
December 2018 Updates

December 2018 Updates

Status page

We believe in transparency at Doppler, especially something as important as your variables/secrets. To continue this effort, we are launching a status page.

October 30, 2018
Product Launches
October 2018 Updates

October 2018 Updates

Lots of Logs

Have visibility over all workplace changes — from a bird's-eye view with Activity Logs and a worm's-eye view with Audit Logs.

Activity Logs

As workplace owners and admins, see how your team operates from a high level. From in-pipeline activity to user access modifications, Activity Logs show it all.

Audit Logs

Oftentimes, your teammates may suddenly update environment variables, and you don't know who changed what. Now, you can see who's making every change down to each character. If need be, the rollback feature comes in handy...

API Key Rolling

As of today, you can roll your Doppler API key as needed. For owners, the ability to roll any other teammate's API key on the team page is also available.

One-off API Keys

If you have external team members, like contractors, you're able to create one-off Doppler API keys that grant access to only a single environment.