Table: doppler_secret - Query Doppler Secrets using SQL
Doppler is a universal secrets manager that helps developers and organizations securely manage and quickly access secrets, such as database credentials, API keys, and tokens. It provides a centralized system to store, access, and deploy secrets across applications, services, and infrastructure. Doppler ensures that sensitive data is encrypted at rest, in transit, and even in use.
Table Usage Guide
The doppler_secret
table provides insights into secrets within Doppler. As a security engineer, explore secret-specific details through this table, including secret values, associated metadata, and secret versions. Utilize it to uncover information about secrets, such as those that are outdated, unused, or potentially exposed, and to verify the security of your secret management practices.
Examples
Basic info
Explore the configuration and security details of a project by identifying the raw and computed values of its secrets. This can be beneficial in assessing the project's security parameters and ensuring the integrity of the sensitive data it holds.
select project, config_name, secret_name, secret_value_raw, secret_value_computedfrom doppler_secret;
select project, config_name, secret_name, secret_value_raw, secret_value_computedfrom doppler_secret;
Get config details for each secret
Explore configuration details associated with each secret to gain insights into their creation time and deployment environment, which can assist in auditing and managing application settings.
select s.project, s.secret_name, s.config_name, c.created_at as config_created_at, c.environment as config_environment, c.root as config_rootfrom doppler_secret s inner join doppler_config c on s.config_name = c.name;
select s.project, s.secret_name, s.config_name, c.created_at as config_created_at, c.environment as config_environment, c.root as config_rootfrom doppler_secret s inner join doppler_config c on s.config_name = c.name;
Count the number of secrets by config
Gain insights into the number of secrets tied to each configuration in your Doppler setup. This is useful for understanding the security scope of each configuration.
select s.config_name, count(s.secret_name)from doppler_secret s inner join doppler_config c on s.config_name = c.namegroup by s.config_name;
select s.config_name, count(s.secret_name)from doppler_secret s inner join doppler_config c on s.config_name = c.namegroup by s.config_name;
Get environment details of each secret
Discover the segments that provide insight into the specific environment details associated with each secret. This is beneficial for understanding the environmental context and timing of your secrets, which can aid in security and management tasks.
select s.project, s.secret_name, s.config_name, e.id as environment_id, c.environment as environment_name, e.created_at as environment_created_at, e.initial_fetch_at as environmant_initial_fetch_atfrom doppler_secret s inner join doppler_config c on s.config_name = c.name inner join doppler_environment e on e.slug = c.environment;
select s.project, s.secret_name, s.config_name, e.id as environment_id, c.environment as environment_name, e.created_at as environment_created_at, e.initial_fetch_at as environmant_initial_fetch_atfrom doppler_secret s inner join doppler_config c on s.config_name = c.name inner join doppler_environment e on e.slug = c.environment;
Schema for doppler_secret
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | Steampipe context in JSON form. | |
config_name | text | = | The name of the config. |
project | text | The ID of the project | |
secret_name | text | The secrect name. | |
secret_value_computed | text | The computed value of the secret. | |
secret_value_raw | text | The raw value of the secret. | |
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
sp_ctx | jsonb | Steampipe context in JSON form. | |
title | text | The name of the workplace. | |
workplace_id | text | =, !=, ~~, ~~*, !~~, !~~* | The ID of the workplace. |
workplace_name | text | Title of the resource. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh
script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- doppler
You can pass the configuration to the command with the --config
argument:
steampipe_export_doppler --config '<your_config>' doppler_secret