- Documentation: https://docs.doppler.com/reference#api
- Summary: Doppler is a secrets manager, it can be used to sync environment variable. The API can be used to access/create/edit secrets stored in Doppler.
- IPs allowlist: Trusted IPs can be set up per environment with a Pro subscription.
- Scopes: Personal and CLI tokens can both read and write in a workspace and service tokens are read-only in a single configuration.
Revoke the secret
An API key can be rolled or revoked on the Doppler workspace dashboard, in the Tokens menu. Every secrets accessible with the leaked doppler token should also be revoked.
Check for suspicious activity
The actions taken with a token can be audited in the workspace dashboard under Activity.
Category: Development tool
High Recall: True
Validity Check: True
Minimum Number of Matches: 1
Occurrences found for one million commits: very rare