Meet your new secrets manager.

Works on every stack both locally and in production. Effortlessly scales with you as your team and products grow.

Develop Locally

Say goodbye to ENV files, copy/pasting, and sharing secrets over email and Slack.

When developing locally, the command line tool smartly fetches the right secrets for your application depending on where you are in the filesystem. When a secret is changed, your application will have it on the next run.

Setup local development


Just about everything in Doppler can be managed through the API and Doppler CLI. If your infrastructure is built with Terraform, shell scripts, or any other infra-as-code, Doppler plays nicely with your build environment.

Our Docker images come packaged with the CLI and other core dependencies like Node.

Explore the Doppler CLI

Secrets Vault

We keep your data safe by using end-to-end encrypted communication channels, encrypting data at rest, and by ensuring our infrastructure never has direct access to your secrets.

With high availability mode enabled by default, the Doppler CLI will also automatically create encrypted fallback files.

Learn more about security


Every change in Enclave is captured through an audit log. These audit logs create a complete picture of history for a given config.

If you ever need to roll back a change, you can do it in a single click in the dashboard or with one command in the Doppler CLI.

Learn more about versioning 

High Availability

Worried an outage can bring you down? At every layer in the Enclave stack there is high availability built in. Our databases run in high availability clusters. The applications serving requests run on multiple infrastructures, and the Doppler CLI automatically creates encrypted fallback files on every run, which are used if you are unable to reach the API.

Learn more about high availability 

Access Controls

Strictly control who can access your Enclave projects and secrets with a granular access control list (ACL).

You can also limit access to a set of trusted IP addresses per config. Read-only service tokens also help reduce exposure when retrieving secrets in staging and production environments.

Learn more about permissions 

Heroku Sync

Enclave loves Heroku! If your applications are running on Heroku, we can sync the secrets on Enclave with your app's config vars on Heroku.

With two-way sync, Enclave will know when a Heroku addon like Redis is provisioned. Adding a secret in Enclave will automatically sync with Heroku, which will immediately restart your app with the new secrets.

Learn more about Heroku sync 
“Doppler is Snackpass’ trusted store of secrets. Setting up Enclave as our secrets manager across all our dev machines, CI and production environments was a breeze. With Radar, we ensure that our secrets aren’t compromised in code.”
Udit Jain, CTO @ Snackpass
“As a Fintech company, security and reliability are paramount. Doppler has been critical in maintaining the integrity of our secrets while being extremely easy to use. It’s easily the best secrets management tool I’ve ever used and integrating it into our CI/CD pipeline was a breeze.”
Kenan Pulak, CTO @ Point
"Doppler has enabled our team to achieve more while worrying less. Onboarding engineers and projects is now a breeze and we feel safe with Doppler's attention to detail and high standards for security."
Gavin Mai, CTO @ Carbon
“As a small team with limited resources, we have a million things on our plate, and never enough time. Doppler has made it extremely simple to manage our secrets and onboard new employees. That's one less thing to worry about!”
Courtland Allen, CEO @ Indie Hackers

Thoughts by the Doppler team...

Goodbye ENV Files
What are ENV files and why as an industry should we move away from them?
We Were Vulnerable, You May Be Too
Opening a link in a new tab can allow an attacker to take control of the previous tab?