Terraform Provider Doppler

The Doppler Terraform Provider allows you to interact with your Doppler secrets and configuration.

Usage

terraform {
  required_providers {
    doppler = {
      # version = <latest version>
      source = "DopplerHQ/doppler"
    }
  }
}

variable "doppler_token" {
  type = string
}

provider "doppler" {
  doppler_token = var.doppler_token
}

data "doppler_secrets" "this" {
  project = "backend"
  config = "dev"
}

# Access individual secrets
output "stripe_key" {
  value = data.doppler_secrets.this.map.STRIPE_KEY
}

# Use `tonumber` and `tobool` to parse string values into Terraform primatives
output "max_workers" {
  value = tonumber(data.doppler_secrets.this.map.MAX_WORKERS)
}

resource "random_password" "db_password" {
  length = 32
  special = true
}

# Set secrets in Doppler
resource "doppler_secret" "db_password" {
  project = "backend"
  config = "dev"
  name = "DB_PASSWORD"
  value = random_password.db_password.result
}

# Create and modify Doppler projects, environments, configs, and service tokens

resource "doppler_project" "test_proj" {
  name = "my-test-project"
  description = "This is a test project"
}

resource "doppler_environment" "ci" {
  project = doppler_project.test_proj.name
  slug = "ci"
  name = "CI-CD"
}

resource "doppler_config" "ci_github" {
  project = doppler_project.test_proj.name
  environment = doppler_environment.ci.slug
  name = "ci_github"
}

resource "doppler_service_token" "ci_github_token" {
  project = doppler_project.test_proj.name
  config = doppler_config.ci_github.name
  name = "test token"
  access = "read"
}

Referencing Secrets Using Multiple Access Tokens

terraform {
  required_providers {
    doppler = {
      # version = <latest version>
      source = "DopplerHQ/doppler"
    }
  }
}

variable "doppler_token_dev" {
  type = string
  description = "A token to authenticate with Doppler for the dev config"
}

variable "doppler_token_prd" {
  type = string
  description = "A token to authenticate with Doppler for the prd config"
}

provider "doppler" {
  doppler_token = var.doppler_token_dev
  alias = "dev"
}

provider "doppler" {
  doppler_token = var.doppler_token_prd
  alias = "prd"
}

data "doppler_secrets" "dev" {
  provider = doppler.dev
}

data "doppler_secrets" "prd" {
  provider = doppler.prd
}

output "port-dev" {
  value = nonsensitive(data.doppler_secrets.dev.map.PORT)
}

output "port-prd" {
  value = nonsensitive(data.doppler_secrets.prd.map.PORT)
}

Terraform CDK

Read the Terraform CDK guide to learn more about how to use this provider with Terraform CDK.

Development

Run the following command to build the provider:

make build
# Outputs terraform-provider-doppler binary

Test Sample Configuration

First, build and install the provider.

make install

Update examples/main.tf with the local development provider:

terraform {
  required_providers {
    doppler = {
      source  = "doppler.com/core/doppler"
    }
  }
}

Then, run the following command to initialize the workspace and apply the sample configuration.

cd examples
terraform init && terraform apply

Branch and Release Flow

New work should branch from master and target master in PRs.

To release, create a GitHub Release (and associated tag) on master in the format vX.X.X, following semantic versioning. The release GitHub Actions workflow will automatically build and ship the new version.

Doc Generation

Everything in the docs directory of this repo is automatically generated by terraform-docs and therefore should not be modified by hand.

To add or update docs for resources or data sources, modify the files in examples/ and templates/ and run make tfdocs to regenerate the docs/ markdown.