Integrating with Doppler
Doppler is a third-party service for managing secrets. To integrate, you
can use the Doppler API to fetch secrets at the start of your task.
Authenticating with Doppler
Authenticating with Doppler
To authenticate, you'll need a
Doppler Service Token. We recommend storing it as a
secret config variable and attaching it to your task as an environment
variable.
Example code
Example code
We'll use the
gitops-secrets library from
Doppler to fetch secrets from the Doppler API.shellCopied1npm install gitops-secrets
Assuming
DOPPLER_TOKEN is configured, you can fetch secrets with just a few lines of code:typescriptCopied1// get_doppler_secret.airplane.ts2import airplane from "airplane";3import secrets from "gitops-secrets";45export default airplane.task(6{7slug: "get_doppler_secret",8name: "Get Doppler secret",9envVars: {10DOPPLER_TOKEN: { config: "DOPPLER_TOKEN" },11},12},13async () => {14// You can access payload.YOUR_SECRET directly:15const payload = await secrets.providers.doppler.fetch();16// Or populate it into process.env.YOUR_SECRET:17secrets.populateEnv(payload);18},19);
While Doppler doesn't yet natively support Python, you
can use the Doppler Download API to
manually download secrets.
shellCopied1pip install requests
We can define a
get_secrets function:pythonCopied1# get_secrets.py2import requests34api_url = "https://api.doppler.com/v3/configs/config/secrets/download?format=json&include_dynamic_secrets=true&dynamic_secrets_ttl_sec=1800"56def get_secrets(doppler_token):7response = requests.get(api_url, headers={8"accept": "application/json",9"authorization": "Bearer " + doppler_token10})11return response.json()
And re-use it across tasks:
pythonCopied1# get_doppler_secrets_airplane.py2import os3import airplane4from get_secrets import get_secrets56@airplane.task(7env_vars=[8airplane.EnvVar(9name="DOPPLER_TOKEN",10config_var_name="DOPPLER_TOKEN",11),12],13)14def get_doppler_secrets():15# Access via secrets["YOUR_SECRET"]16secrets = get_secrets(os.getenv("DOPPLER_TOKEN"))