The Doppler CLI is available in several popular package managers. It's also available as a standalone binary.
Using brew is recommended:
$ brew install dopplerhq/cli/doppler
$ doppler --version
To update:
$ brew upgrade doppler
Alternatively, you can install the CLI via shell script, or via the doppler .pkg
file on the Releases page. These methods will install the doppler binary directly to /usr/local/bin
and do not support seamless updates. To update, you'll need to re-run the installation.
Using scoop is recommended:
$ scoop bucket add doppler https://github.com/DopplerHQ/scoop-doppler.git
$ scoop install doppler
$ doppler --version
To update:
$ scoop update doppler
# add Bintray's GPG key
$ sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 379CE192D401AB61
# add Doppler's apt repo
$ echo "deb https://dl.bintray.com/dopplerhq/doppler-deb stable main" | sudo tee /etc/apt/sources.list.d/dopplerhq-doppler.list
# fetch and install latest doppler cli
$ sudo apt-get update && sudo apt-get install doppler
# (optional) print cli version
$ doppler --version
To update:
$ sudo apt-get update && sudo apt-get upgrade doppler
# add Doppler's yum repo
$ sudo wget https://bintray.com/dopplerhq/doppler-rpm/rpm -O /etc/yum.repos.d/bintray-dopplerhq-doppler.repo
# update packages and install latest doppler cli
$ sudo yum update && sudo yum install doppler
# (optional) print cli version
$ doppler --version
To update:
$ sudo yum update doppler
You can bypass package managers and quickly install the latest version of the CLI via shell script. The script automatically downloads and installs the CLI binary most appropriate for your system's architecture. It is also fully POSIX compliant to support all linux and bsd variants with minimal dependencies.
Note that this installation method is only recommended for ephemeral environments like CI jobs. Longer-lived environments that expect to receive updates should install the CLI via a package manager.
curl -LO https://cli.doppler.com/install.sh || wget https://cli.doppler.com/install.sh
chmod +x install.sh
sudo ./install.sh
You can find the source install.sh
file in this repo's scripts
directory.
We currently publish these Docker tags:
dopplerhq/cli
based onalpine
dopplerhq/cli:node
based onnode:lts-alpine
dopplerhq/cli:python
based onpython:3-alpine
dopplerhq/cli:ruby
based onruby:2-alpine
You can find all source Dockerfiles in the /docker
folder (here).
Here's an example Dockerfile for a Node app:
FROM dopplerhq/cli:3-node
# doppler args must be passed at runtime
ENV DOPPLER_TOKEN="" ENCLAVE_PROJECT="" ENCLAVE_CONFIG=""
COPY . .
# doppler will automatically use the environment variables specified above
ENTRYPOINT doppler run -- node index.js
Build the Dockerfile:
docker build -t mytestapp .
Then run the container:
docker run --rm -it -p 3000:3000 -e DOPPLER_TOKEN="" -e ENCLAVE_PROJECT="" -e ENCLAVE_CONFIG="" mytestapp
To avoid hard-coding the values, you can use the cli's configure
command:
docker run --rm -it -p 3000:3000 -e DOPPLER_TOKEN="$(doppler configure get token --plain)" -e ENCLAVE_PROJECT="$(doppler configure get enclave.project --plain)" -e ENCLAVE_CONFIG="$(doppler configure get enclave.config --plain)" mytestapp
Flags:
--rm
delete the container once it exits-i
attach to stdin; enables killing w/ ctrl+c-t
print output to this terminal-p 3000:3000
the port your app uses to service requests, if any-e DOPPLER_TOKEN=""
pass a token into the environment-e ENCLAVE_PROJECT=""
pass an enclave project into the environment-e ENCLAVE_CONFIG=""
pass an enclave config into the environment
You can download all binaries and release artifacts from the Releases page. Binaries are built for macOS, Linux, Windows, FreeBSD, OpenBSD, and NetBSD, and for 32-bit, 64-bit, armv6/armv7, and armv6/armv7 64-bit architectures.
You can also directly download the generated .deb
and .rpm
packages. If a binary does not yet exist for the OS/architecture you use, please open a GitHub Issue.
You can verify the integrity and authenticity of any released artifact using Doppler's public GPG key. The signatures of all release artifacts are placed in checksums.txt, which itself is then signed.
# fetch Doppler's signing key
gpg --keyserver keyserver.ubuntu.com --recv D3D593D50EE79DEC
# verify content of checksums.txt against signature
gpg --verify checksums.txt.sig checksums.txt
# verify checksum of cli binary (downloaded file name must match download page)
sha256sum --check --strict --ignore-missing checksums.txt
If the signature matches, you'll see output like this:
$ sha256sum --check --ignore-missing --strict checksums.txt
doppler_3.3.2_linux_amd64.deb: OK