Doppler + Steampipe
Doppler is a cloud-native secrets management platform that securely centralizes and automates the management of sensitive data across teams and applications.
Steampipe is an open source CLI to instantly query cloud APIs using SQL.
List your Doppler secrets:
select project, config_name, secret_name, secret_value_computedfrom doppler_secret;
+---------------------+-------------+---------------------+-----------------------+| project | config_name | secret_name | secret_value_computed |+---------------------+-------------+---------------------+-----------------------+| plugin-test-project | dev_aws | DOPPLER_PROJECT | plugin-test-project || plugin-test-project | stg_aws | DOPPLER_CONFIG | stg_aws || plugin-test-project | sandbox | DOPPLER_CONFIG | sandbox || plugin-test-project | sandbox | DOPPLER_ENVIRONMENT | sandbox || plugin-test-project | prd | DOPPLER_CONFIG | prd || plugin-test-project | prd | DOPPLER_PROJECT | plugin-test-project || plugin-test-project | prd | DOPPLER_ENVIRONMENT | prd |+---------------------+-------------+---------------------+-----------------------+
Documentation
Quick start
Install
Download and install the latest Doppler plugin:
steampipe plugin install doppler
Credentials
Item | Description |
---|---|
Credentials | Doppler requires a project ID and an Doppler Token |
Permissions | The permission scope of access tokens is limited to the projects or environments based on token type. |
Radius | Each connection represents a single doppler Installation. |
Resolution | 1. Credentials explicitly set in a steampipe config file (~/.steampipe/config/doppler.spc )2. Credentials specified in environment variables, e.g., DOPPLER_TOKEN and DOPPLER_PROJECT_ID . |
Configuration
Installing the latest doppler plugin will create a config file (~/.steampipe/config/doppler.spc
) with a single connection named doppler
:
Configure your account details in ~/.steampipe/config/doppler.spc
:
connection "doppler" { plugin = "doppler"
# A token, either a personal or service token is required for requests. Required. # For setting a token see instructions at https://docs.doppler.com/reference/auth-token-formats # This can also be set via the `DOPPLER_TOKEN` environment variable. # token = "dp.pt.BBS2eoMYCQW6fLv2fghbdsjbaczdsffdeBSaap887Xkbdsa"
# The ID of a project within a workplace is required for requests. Required. # This can also be set via the `DOPPLER_PROJECT_ID` environment variable. # project_id = "example-project"}
Alternatively, you can also use the standard Doppler environment variables to obtain credentials only if other arguments (token
and project_id
) are not specified in the connection:
export DOPPLER_TOKEN=dp.pt.abcdVDI7jCoV92ylJS9yXYZO5CZRiGm0WWWnZgsZZihexport DOPPLER_PROJECT_ID=plugin-test-project
Get involved
- Open source: https://github.com/turbot/steampipe-plugin-doppler
- Community: Join #steampipe on Slack →