steampipe plugin install doppler

Table: doppler_service_token - Query Doppler Service Tokens using SQL

Doppler is a universal secret manager that helps you easily access and manage your application's secrets. It provides a centralized way to store, retrieve, and manage secrets for various applications, environments, and infrastructures. Doppler helps you maintain the security of your secrets and ensures that they are available to your applications when needed.

Table Usage Guide

The doppler_service_token table provides insights into the service tokens within Doppler's universal secret manager. As a DevOps engineer, explore token-specific details through this table, including token expiry and usage patterns. Utilize it to uncover information about tokens, such as those nearing expiry, the frequency of token refresh, and the overall usage patterns.

Examples

Basic info

Explore the specifics of your service tokens, such as their accessibility, expiration, and creation dates, as well as their configuration and associated projects. This can help you manage your tokens effectively, ensuring they are up-to-date and used in the correct environments.

select
name,
slug,
access,
expires_at,
created_at,
config,
environment,
project,
workplace_name
from
doppler_service_token;
select
name,
slug,
access,
expires_at,
created_at,
config,
environment,
project,
workplace_name
from
doppler_service_token;

List service tokens that are expiring in the next 30 days

Identify instances where service tokens are set to expire within the next month. This is useful for staying ahead of potential access issues and ensuring uninterrupted service.

select
name,
slug,
access,
expires_at,
created_at,
config,
environment,
project,
workplace_name
from
doppler_service_token
where
config = 'dev'
and expires_at <= now() + interval '30 day';
select
name,
slug,
access,
expires_at,
created_at,
config,
environment,
project,
workplace_name
from
doppler_service_token
where
config = 'dev'
and expires_at <= datetime('now', '+30 day');

List service tokens with read/write access

Discover the service tokens that have read/write access. This is useful for identifying potential security risks, as these tokens can modify your data.

select
name,
slug,
access,
expires_at,
created_at,
config,
environment,
project,
workplace_name
from
doppler_service_token
where
access = 'read/write';
select
name,
slug,
access,
expires_at,
created_at,
config,
environment,
project,
workplace_name
from
doppler_service_token
where
access = 'read/write';

List service tokens that never expires

Explore which service tokens within your project are set to never expire. This can help identify potential security risks and enforce best practices for token management.

select
name,
slug,
access,
expires_at,
created_at,
config,
environment,
project,
workplace_name
from
doppler_service_token
where
expires_at is null;
select
name,
slug,
access,
expires_at,
created_at,
config,
environment,
project,
workplace_name
from
doppler_service_token
where
expires_at is null;

Schema for doppler_service_token

NameTypeOperatorsDescription
_ctxjsonbSteampipe context in JSON form.
accesstextThe access level of the service token. One of read, read/write.
configtext=The name of the config.
created_attimestamp with time zoneDate and time of the object's creation.
environmenttextUnique identifier for the environment object.
expires_attimestamp with time zoneDate and time of the token's expiration, or null if token does not auto-expire.
keytextAn API key that is used for authentication. Only available when creating the token.
nametextName of the service token.
projecttextUnique identifier for the project object.
slugtextA unique identifier of the service token.
sp_connection_nametext=, !=, ~~, ~~*, !~~, !~~*Steampipe connection name.
sp_ctxjsonbSteampipe context in JSON form.
titletextThe name of the workplace.
workplace_idtext=, !=, ~~, ~~*, !~~, !~~*The ID of the workplace.
workplace_nametextTitle of the resource.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- doppler

You can pass the configuration to the command with the --config argument:

steampipe_export_doppler --config '<your_config>' doppler_service_token