Enterprise DevOps & Cloud Infrastructure

Creating a Doppler Project

Erik Reinert

Erik Reinert

Enterprise DevOps & Cloud Infrastructure

Check out a free preview of the full Enterprise DevOps & Cloud Infrastructure course

The "Creating a Doppler Project" Lesson is part of the full, Enterprise DevOps & Cloud Infrastructure course featured in this preview video. Here's what you'd learn in this lesson:

Erik introduces Doppler, a tool that simplifies the management of environment variables and secrets. Doppler allows users to organize secrets based on projects, workspaces, and configurations, providing a convenient way to store and access secrets securely. A Doppler project is created and the Doppler CLI is demonstrated.


Transcript from the "Creating a Doppler Project" Lesson

>> So I am gonna go ahead and show you guys really quickly how Doppler works now that you guys have gotten access to it. I'm gonna log into my personal account, so you'll notice here I really use Doppler a lot. As a matter of fact, you can see that same naming convention and structure that we've already talked about.

Where if I go into Doppler and I'm like, okay, I want a specific network's secrets, right, I can just type in network and then there we go. I can look at alt4llc-pulumi-network secrets. I can look at terraform-network secrets. And so this is one of the first things that I really like about Doppler.

Which is that, again, it enables me to have this isolation per service, per person. And what you'll notice as well is that if I go down here, not only do I have one for services, but I even have one for myself, Right? This makes my environment variables for my development environment completely portable.

If you look here, you'll see that I have something called NixOS. Now, the cool thing isn't that I use NixOS. The cool thing is that this is a configuration just for that operating system, just for that computer, right? So say, if you're a developer who has multiple computers, maybe you have a work machine and a personal machine, you can even separate your configs based off of your own problems that you're trying to solve, right?

So for example, at Hippo, where is it? At Hippo, my username is actually ereinert, right? And so basically what I did is I said anything that's in the ereinert workspace is work related and anything in the erikreinert workspace is personal, right? This is tough, this alone is tough to do with dot ends.

You're copying files, you're pasting files, removing them from multiple places. This really solves that problem. The first way it solves it by doing it as if you click on this and then you click on this, here's all your secrets. And it's simple, anybody could look at this and realize what's going on.

It's really easy to use. There's a lot of really cool features with it. It has a version built into it, so every single one of these keys is version. If you change that key, you'll know. And not only that, but let's do something else. Let's go to projects really quickly Let's go to alt4llc-pulumi-bucket.

Look at this. Thank God those were, [LAUGH] I was a little worried that I thought those were secrets for a second. But what's another thing that's really nice about Dopplers is you can use variables with Doppler. So say for example, I wanna config for a specific thing, but I don't wanna have to update it in tons of places.

So with Doppler, what you can do is as you'll see here, it's referencing erikreinert_nixos_AWS_ACCESS_ KEY, which technically means when I provision a bucket, I'm just provisoning it with my own personal access keys, right? But that means that when I'm doing it locally, I can still use the same keys and everything but it's in a different repo.

However, if eventually I get to a point, now this is, again, you might be, why are you doing that? Why would you put your personal secrets in that? Hold on. So the main reason why this is really powerful is, is in the future, if you want to then rotate out and make specific ones, remember, we had that question earlier about how do you manage permissions for each Terraform workspace?

This is a way you could do it. Where you could say, all right, I'm gonna have global access with a specific set of secrets and then I'm gonna create workspaces with their own secrets. And on top of that, you can also rotate secrets. So this is another thing that's really difficult, right?

How do you rotate secrets? There's a bunch of different ways of doing that. And again, this is another reason why I didn't go heavily down the secrets road in this course. It's because there's a lot of different things that you can achieve and a lot of different approaches you can take to using and implementing secrets.

Why I like Doppler is because Doppler kind of goes, all right, well, you've got everything here. So if you wanna rotate, we can rotate for you, right? And so that's what it can even do is you can then add a rotated secret, which will then have its own rotation pattern and things like that.

And it'll get updated automatically. And what's nice about that is is these rotated secrets can also be used with cloud providers. So if you wanna rotate secrets in a cloud provider, say Amazon or something like that, this can go out to Amazon create equivalent secrets in secrets manager or something like that and then it auto syncs the to whenever you make changes.

So if I was a developer and I wanted to have a more abstracted configuration, I could move all of my configs to Doppler, have developers update here and then just redeploy those changes, right? Now their interface isn't even git any more. Now it's this really pretty interface. However, does this pretty interface help us is the question, right?

Now thankfully they do have auditing and things like that, right, I'm not gonna go to it cuz I think it actually shows secrets. But if I went to logs, I would see an audit log of what was changed, when it was changed, and who it was changed by.

And not only that, but I can even revert that. So, going all the way back to the first part of the, this is why it was so important to have those conversations about how to make these decisions, right? Because this is actually really powerful, if you look at what problem it's trying to solve.

Now, could this work with production secrets and services? Yeah, it actually could, you would just have to basically run this and tell this to run your service, right? But you could encapsulate all of your secrets and everything into Doppler with that approach. I'm gonna go to projects. And for starters I'm just gonna say I'm gonna go to erikreinert, I'm gonna go to nixos, and I'm gonna add my AWS_ACCESS_ KEY_ID, DEFAULT_REGION and SECRET_ACCESS_KEY.

So I wanted to make sure I can access Amazon, right? So after I've done that I'm gonna go ahead and open up my Terminal and then, in my Terminal, I keep forgetting I have my keyboard, I'm gonna make sure I have Doppler, all right? So I'll just make sure I have Doppler, I don't need to update, cool.

Okay. So now what I wanna do is I wanna actually see if my credentials are injecting properly. So let's do this first, aws s3 ls. That should fail. In a minute, yeah, it failed. So now let's try the same approach but with Doppler. So what I'm gonna do is I'm gonna say doppler run == config.

The config in this case is nixos. And then the project is my name. And I'm gonna do one last thing and this is a shell thing which is I'm going to indirect into the next command. Now what happens is when I run this Doppler runs first, goes out to Doppler finds my secrets.

Then creates a shell with those secrets injected inside of it. Now, again, if I do aws s3 ls, it's not gonna work. But if I do it this way Doppler is creating a shell with those secrets inside it for that specific execution. Meaning that now I can actually access things, I don't have to have secrets locally, I'd have to be worried about which directory I'm in or what I'm trying to authenticate with.

I can just literally inject my secrets in when I want to and get access to whatever I need. So this is one of the reasons why we're gonna need Doppler. Is because Doppler is what's going to take control of all the secrets we create here so that you guys know where they are.

You guys know how to interface with them. And you guys also know where you can change them if need be. Any questions on Doppler? Does everyone have it installed at least in setup now? You good now? Cool. Okay, so do me a favor really quickly. And if you haven't already go to projects up at the top and create a new project for me.

And I'm gonna just reuse my own, but I would recommend just using your name, just for now we'll just consider this your dev environment, right? So in my case, I would type in, erikreinert, and then give an example like my personal project. My personal project ends right and then click Create Project.

Once you do that, you'll get sent to the project's page. And you might have defaults here. And as a matter of fact here, I'll just go through the process really quickly. So here example project. Something fun, create. So Doppler does try and assume they might know what you have out of the gate and so they give you a development environment and a production environment also to just kind of show you how things work, right?

Now if I was to use these with my AWS CLI wouldn't work, right, cuz I haven't actually added any secrets yet or anything like that. But this at least makes it so that if I had a dev environment and a prod environment, I could make sure that I already am separating those two the way I need.

And then yeah, this is really all we need so far. Yeah, go ahead.
>> Now, mine gave me dev stage and production.
>> Okay. So if it did that, got you, so if it did that, that means that I overrode my settings. There's a button here that says default environments on the right.

Now, I don't use staging. I just go from dev to prod, at least personally. So I got rid of staging for that example. But if you had other names, other environments, things like that, you could do that. So if you wanna have it like mine, you go into Default Environments at the top, and then I think you would just delete whichever one is in there that you want to delete.

And for example, this is another common one, production, right? What do you call prod? Is it prod, is it production, right? This also can give you opportunities. Is it dev? Is it develop, right? To be fair, we call it dev and prod, that's why I have it the way I do.

But yeah, all we wanna achieve right now is just make sure we've got Doppler set up and we have a project created with at least one config. Now, again, if you wanna rename the config, you can actually click on these little three dots here and type in rename, and then you give it the name as well as the slug.

The slug is what we use in our Command, right? So this NixOS is the slug from here, right? So if I wanted to go to staging or something else I would say okay, well, project, project, config, config. Now I apologize I have this incredible OCD when it comes to proper alphabetical.

So technically, you'd probably wanna type it more like this so that it makes sense, right? So your project in this case would be erikreinert. And then your config in this case would be nixos. Or if it was something else, it'd be like dev, right? And another thing that's really nice about this too is, say you are working on a service, like example=service, right?

Well, you can run this in the example service repository. But then later on, you can run against another project, right? And there's no need for these secrets to be on your system or anything like that. Cool. So yeah, just make sure to give it some kind of name that makes sense to you.

And again, at least for this project, we're not gonna use any other environments for now.

Learn Straight from the Experts Who Shape the Modern Web

  • In-depth Courses
  • Industry Leading Experts
  • Learning Paths
  • Live Interactive Workshops
Get Unlimited Access Now