Skip to main content
  1. Docs
  2. Secrets & Configuration
  3. Providers
  4. Secrets & config
  5. doppler-secrets

doppler-secrets

    The doppler-secrets provider enables you to dynamically import Secrets from Doppler into your Environment. The provider will return a map of names to Secrets.

    Example

    values:
      doppler:
        login:
          fn::open::doppler-login:
            oidc:
              identityId: 00000000-0000-0000-0000-000000000000
        secrets:
          fn::open::doppler-secrets:
            login: ${doppler.login}
            project: example-project
            config: dev
            get:
              api-key:
                name: API_KEY
              app-secret:
                name: APP_SECRET
      pulumiConfig:
        apiKey: ${doppler.secrets.api-key}
        appSecret: ${doppler.secrets.app-secret}
    

    Schema reference

    Reference schemas last updated on 2026-07-11, synced automatically from the Pulumi Cloud ESC API.

    Inputs

    • config string required
      The config identifier.
    • get map[string]DopplerSecretsGet required
      A map from names to secrets to read from Doppler. The outputs will map each name to the secret’s sensitive data.
    • name string required
      The secret name in Doppler.
    • login DopplerSecretsLogin required
      Credentials used to log in to Doppler.
    • accessToken string required
      The access token to use for authentication.
    • project string required
      The project identifier.

    Outputs

    A map from names to secret values.

    Type: map[string]string

    Configuring OIDC

    To learn how to configure OpenID Connect (OIDC) between Pulumi Cloud and Doppler, see the OpenID Connect integration documentation. Once you have completed these steps, you can validate that your configuration is working by running either of the following:

    • pulumi env open <org>/<project>/<environment> command of the Pulumi CLI
    • pulumi env open <org>/<project>/<environment> command of the Pulumi CLI

    Make sure to replace <org>, <project>, and <environment> with the values of your Pulumi organization and environment identifier respectively. You should see output similar to the following:

    {
      "doppler": {
        "login": {
          "accessToken": "dp.said.XXX..."
        },
        "secrets": {
          "api-key": "my-api-key",
          "app-secret": "my-app-secret"
        }
      }
    }