Integrating with Doppler
Doppler is a third-party service for managing secrets. To integrate, you
can use the Doppler API to fetch secrets at the start of your task.
Authenticating with Doppler
To authenticate, you'll need a
Doppler Service Token. We recommend storing it as a
secret config variable and attaching it to your task as an environment
variable.
Example code
We'll use the
gitops-secrets library from
Doppler to fetch secrets from the Doppler API.shellCopied1npm install gitops-secrets
Assuming
DOPPLER_TOKEN is configured, you can fetch secrets with just a few lines of code:typescriptCopied1// get_doppler_secret.airplane.ts2import airplane from "airplane";3import secrets from "gitops-secrets";45export default airplane.task(6{7slug: "get_doppler_secret",8name: "Get Doppler secret",9envVars: {10DOPPLER_TOKEN: { config: "DOPPLER_TOKEN" },11},12},13async () => {14// You can access payload.YOUR_SECRET directly:15const payload = await secrets.providers.doppler.fetch();16// Or populate it into process.env.YOUR_SECRET:17secrets.populateEnv(payload);18}19);
While Doppler doesn't yet natively support Python, you
can use the Doppler Download API to
manually download secrets.
shellCopied1pip install requests
We can define a
get_secrets function:pythonCopied1# get_secrets.py2import requests34api_url = "https://api.doppler.com/v3/configs/config/secrets/download?format=json&include_dynamic_secrets=true&dynamic_secrets_ttl_sec=1800"56def get_secrets(doppler_token):7response = requests.get(api_url, headers={8"accept": "application/json",9"authorization": "Bearer " + doppler_token10})11return response.json()
And re-use it across tasks:
pythonCopied1# get_doppler_secrets_airplane.py2import os3import airplane4from get_secrets import get_secrets56@airplane.task(7env_vars=[8airplane.EnvVar(9name="DOPPLER_TOKEN",10config_var_name="DOPPLER_TOKEN",11),12],13)14def get_doppler_secrets():15# Access via secrets["YOUR_SECRET"]16secrets = get_secrets(os.getenv("DOPPLER_TOKEN"))