Table: doppler_service_token - Query Doppler Service Tokens using SQL
Doppler is a universal secret manager that helps you easily access and manage your application's secrets. It provides a centralized way to store, retrieve, and manage secrets for various applications, environments, and infrastructures. Doppler helps you maintain the security of your secrets and ensures that they are available to your applications when needed.
Table Usage Guide
The doppler_service_token
table provides insights into the service tokens within Doppler's universal secret manager. As a DevOps engineer, explore token-specific details through this table, including token expiry and usage patterns. Utilize it to uncover information about tokens, such as those nearing expiry, the frequency of token refresh, and the overall usage patterns.
Examples
Basic info
Explore the specifics of your service tokens, such as their accessibility, expiration, and creation dates, as well as their configuration and associated projects. This can help you manage your tokens effectively, ensuring they are up-to-date and used in the correct environments.
select name, slug, access, expires_at, created_at, config, environment, project, workplace_namefrom doppler_service_token;
select name, slug, access, expires_at, created_at, config, environment, project, workplace_namefrom doppler_service_token;
List service tokens that are expiring in the next 30 days
Identify instances where service tokens are set to expire within the next month. This is useful for staying ahead of potential access issues and ensuring uninterrupted service.
select name, slug, access, expires_at, created_at, config, environment, project, workplace_namefrom doppler_service_tokenwhere config = 'dev' and expires_at <= now() + interval '30 day';
select name, slug, access, expires_at, created_at, config, environment, project, workplace_namefrom doppler_service_tokenwhere config = 'dev' and expires_at <= datetime('now', '+30 day');
List service tokens with read/write access
Discover the service tokens that have read/write access. This is useful for identifying potential security risks, as these tokens can modify your data.
select name, slug, access, expires_at, created_at, config, environment, project, workplace_namefrom doppler_service_tokenwhere access = 'read/write';
select name, slug, access, expires_at, created_at, config, environment, project, workplace_namefrom doppler_service_tokenwhere access = 'read/write';
List service tokens that never expires
Explore which service tokens within your project are set to never expire. This can help identify potential security risks and enforce best practices for token management.
select name, slug, access, expires_at, created_at, config, environment, project, workplace_namefrom doppler_service_tokenwhere expires_at is null;
select name, slug, access, expires_at, created_at, config, environment, project, workplace_namefrom doppler_service_tokenwhere expires_at is null;
Schema for doppler_service_token
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | Steampipe context in JSON form. | |
access | text | The access level of the service token. One of read, read/write. | |
config | text | = | The name of the config. |
created_at | timestamp with time zone | Date and time of the object's creation. | |
environment | text | Unique identifier for the environment object. | |
expires_at | timestamp with time zone | Date and time of the token's expiration, or null if token does not auto-expire. | |
key | text | An API key that is used for authentication. Only available when creating the token. | |
name | text | Name of the service token. | |
project | text | Unique identifier for the project object. | |
slug | text | A unique identifier of the service token. | |
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
sp_ctx | jsonb | Steampipe context in JSON form. | |
title | text | The name of the workplace. | |
workplace_id | text | =, !=, ~~, ~~*, !~~, !~~* | The ID of the workplace. |
workplace_name | text | Title of the resource. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh
script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- doppler
You can pass the configuration to the command with the --config
argument:
steampipe_export_doppler --config '<your_config>' doppler_service_token