Doppler API Key

Description

General

• Documentation: https://docs.doppler.com/reference#api
• Summary: Doppler is a secrets manager, it can be used to sync environment variable. The API can be used to access/create/edit secrets stored in Doppler.
• IPs allowlist: Trusted IPs can be set up per environment with a Pro subscription.
• Scopes: Personal and CLI tokens can both read and write in a workspace and service tokens are read-only in a single configuration.

Revoke the secret

An API key can be rolled or revoked on the Doppler workspace dashboard, in the Tokens menu. Every secrets accessible with the leaked doppler token should also be revoked.

Check for suspicious activity

The actions taken with a token can be audited in the workspace dashboard under Activity.

Details for Doppler apikey

• Family: Api

• Category: Secret management

• Company: Doppler

• High recall: True

• Validity check available: True

• On-premise instances exist: True

• Only valid secrets raise an alert: False

• Minimum number of matches: 1

• Occurrences found for one million commits: 0.05

• Prefixed: True

• PreValidators:

- type: ContentWhitelistPreValidator
  patterns:
    - dp\.(pt|ct|scim|st\.)

Examples

- text: |
    curl -H 'api-key: dp.pt.zkxYYBKO2oztRQj72SOAA13PmVyTwI7AboM8bknx' 'https://api.doppler.com/v3/workplace'
  apikey: dp.pt.zkxYYBKO2oztRQj72SOAA13PmVyTwI7AboM8bknx
- text: |
    "DOPPLER_SERVICE_TOKEN": { {input: "dp.st.dev.5iSgsylLUh1V8gWGbwbWbO8SHSxs3wkdkYAYE3kI"}, },
  apikey: dp.st.dev.5iSgsylLUh1V8gWGbwbWbO8SHSxs3wkdkYAYE3kI
- text: |
    cli_token: dp.ct.Hz53zCklAAldpZywPRaXPaaYlABB1HOrKgtvyhGL
  apikey: dp.ct.Hz53zCklAAldpZywPRaXPaaYlABB1HOrKgtvyhGL
- text: |
    Token SCIM := dp.scim.IcgO4od2ONhDCys8tELOouUK9RSDCevePjks0yom
  apikey: dp.scim.IcgO4od2ONhDCys8tELOouUK9RSDCevePjks0yom