Follow along with updates and improvements made to Doppler.

Doppler is now ISO/IEC 27001:2022 certified

Alongside SOC 2 Type II, this validates our access, encryption, and incident response practices against global standards. Protect your data while managing non-human and machine identities to stay compliant in an AI-driven world.

Instead of creating and storing long-lived API tokens, your clusters authenticate using long-lived, non-sensitive IDs, which are automatically exchanged for short-lived, automatically rotating API tokens.

 integration for selecting services by project.

Added support for syncing Doppler secrets with the "unmasked" secret visibility type as 

Added a new source field to SIEM log forwarding payloads to make it easier to identify Doppler logs.

 integration request timeout to improve sync stability.

Fixed an issue when creating new Render integration syncs that caused the form to render improperly in some cases.

September '25 product update

Sync secrets to AWS Parameter Store as Advanced Parameters

 as advanced parameters, regardless of size. Use cross-account sharing while keeping your secrets up to date automatically across environments.

API+Terraform support for managing Rotated Secrets

 through the Doppler API with new endpoints for creating, updating, deleting, and manually rotating credentials. This unlocks full automation support for rotated secrets.

 credentials using AWS Lambda with Doppler, just like Postgres and MySQL. Keep database secrets fresh and secure with the same automation developers rely on.

Assign workplace role to groups in TF Provider

 to new groups in Doppler, making it easier for infrastructure-first teams to automate role management at scale.

 org access tokens when creating integration connections

The project list page now renders faster for workplaces with very large numbers of projects

Added a “Compare Config” option in the config menu to make comparing configs easier

 sync was causing unintended additional service redeploys

Fixed display issues with modal popover windows, where some content was being cut off

 integration that resulted in timeouts/ratelimits when a user had a large number of Postman workspaces attached to their account

Fixed an issue where columns in some tables were hidden when viewed in narrow browser windows

Fixed a bug that prevented users from leaving a workplace under some conditions

Fixed a bug where the selected access permission wasn’t applied when sending a user invite from a workplace with 

August '25 product update

Sync secrets to Bitbucket workspace variables

You can now sync secrets from Doppler directly to 

 workspace variables, without scripts or manual updates. Keep shared secrets up to date across repos with real-time syncing that simplifies CI/CD and improves security.

 from User, Group, and Service Account pages.

 has been released. Update now to stay up to date.

Fixed incorrect rendering of overridden inherited secrets.

 sync to respect the 1000 secret limit when syncing to organization secrets.

Added project description directly on the project detail page.

June '25 product update

Automatically assign reviewers to Change Request Policies

You can now assign default reviewers directly in your change request policies. This ensures the right people are automatically added to every change, saving time and keeping approvals consistent. 

Added indicators on the config list view page that show when a config has a failing sync(s)

Added structured activity log properties to 

 to easily track secret age, identify policy violations, and assign teams to update outdated secrets

Fixed a bug where deleting a secret override in a config that used config inheritance could result in the secret incorrectly being deleted by the sync rather than reverting to the parent value

Fixed an issue which could cause Terraform state inconsistencies in custom roles whenever Doppler introduces new granular permissions

Fixed a bug in the Cloudflare Pages integration where secrets deleted in Doppler were not being deleted in Cloudflare when a sync occurred

May '25 product update

We’ve created the Analytics Dashboard to visualize and eliminate secret-related risks across your stack. From stale secrets to expired reminders and inactive configs, this dashboard gives Enterprise teams the visibility they need to take action before issues arise. Insights are shown one use case at a time for clarity, with easy links to rotate, update, or dismiss. It's proactive security hygiene, built right into Doppler. 

You can now view, manage, and create integration connections and their associated syncs through Integration Access Scoping, giving you tighter control. Whether you're connecting Doppler to CI pipelines or internal tools, Integration Access Scoping helps you enforce least privilege by default. 

 can now be assigned to users and groups, so the right people are notified when it’s time to take action.

 Secret Manager and SSM regional support for Malaysia, Thailand, Calgary, Tel Aviv, and Central Mexico.

Canceled change requests now automatically re-open and are editable, rather than hidden, on the 

Users can now navigate between projects with the new project selector in config pages.

Added Change Request policy evaluations to the 

 for accurate, pre-save visibility into approval status.

Added error badges to the UI to give better visibility into Integration Sync failures.

 tables when a user name is sufficiently long, which hid the role and action buttons.

Redesigned the Doppler sign-in page for a faster, smoother login experience.

 has been released. Update now to stay up to date.

April '25 product update

Keeping secrets and configs in check has been tough with over-permissioned devs and inefficient approvals. Now, both 

 to propose updates securely, assign and enforce reviews, and track every change across environments.

Already using Change Requests? This month we’re introducing a new Enterprise-only feature, 

 Define which changes require policy enforcement, such as all configs in a specific environment or across an entire workplace.

 Set conditions for merging, like requiring multiple reviewers from a designated group or specific individuals.

: Decide whether users can approve their own change requests, aligning with company security policies.

: Users see policy details applied to their changes directly in the preview/details page, with hover tooltips for easy reference.

Added support for creating GCP Secret Manager integrations and syncs via 

You can now create groups from existing users 

 add brand-new users to your workplace at the same time, directly from the 

 integration error message when limits need to be increased.

 syncs to fail when a pre-existing variable on the Vercel side that was also in Doppler was assigned to the Development, Preview, and Production environments in Vercel.

March '25 product update

Doppler now integrates with GitHub Dependabot to keep your secrets automatically synced and your dependencies secure. This ensures Dependabot can access private registries without manual secret updates, enhancing both security and efficiency. Get started by connecting Doppler to your GitHub account and configuring your sync settings 

 syncs and Azure Key Vault (Service Principal) integrations via API

Added the ability for users to reset secrets in a branch to the root's value when the root contains references

Added links that can now direct users to the source of a referenced secret

Added support for syncing multiple secrets to the 

 integration for syncing to Vercel's new custom environments

Fixed request timeouts during SCIM operations when sending emails in workplaces with many users

 sync where sites were only being populated for the first server

 integration that caused it to disable if the redeploy option was enabled for a service that was suspended

February '25 product update

Streamline your CI/CD workflows with Doppler’s new OIDC authentication. Forget about managing long-lived tokens and access secrets securely only when and where they are needed. You can now tie secrets to service accounts, enabling context-aware authorization that works natively with tools like GitHub Actions and other CI tools. 

Improved UX for long secret reminders to prevent long secret reminders from collapsing secret names.

Fixed save error related to inherited secrets where saving a secret that is referenced by a config that also inherits a separate config.

Added the ability to view users who reviewed a 

Added support for syncing to specific environments when creating 

January '25 product update

. This update adds the ability to update AWS resource tags for Secrets Manager and Parameter Store syncs. Tags are critical for categorization, visibility, and consistency and extending this capability to Terraform directly solves a frequent challenge teams have.

 released which provides an increased number of projects that can be fetched at once and allows doppler secrets substitute to use environment vars.

 to the workplace from a projects member page making it easier to take action where you are in the moment.

Fixed a bug where attempting to reveal inherited config values from the config page triggered an infinite loop of requests. 

 from a different project were not affected.

Updated billing page to show usage towards feature limits for your workplace to save yourself the stress of guessing. Users with access to the Billing page can 

Fixed an issue with importing secrets that was preventing importing secrets from another config if they match inherited secrets.

Increased the max number of projects returned from 

Added the ability for users to update the billing email for their workplace via 

 could be stuck in an ‘open’ status after the request was actioned on.

 now lists environments by workspace, making it easier to find the target environment to sync to.

November '24 product update

Customize activity log forwarding with a flexible HTTPS endpoint

 for Activity Log Forwarding—created to give you control over how and where you monitor critical events. Previously limited to select integrations, admins can now direct logs to any third-party aggregator, like BetterStack or Panther, through a customizable webhook. This means you can filter out routine actions and focus on high-priority events, such as unexpected access to production secrets or privilege escalations, for stronger anomaly detection and security insights.

Updated Datadog integration now with OAuth

Now an official Datadog integration, Doppler's rebuilt 

 allows for direct connection from within Datadog’s platform. By upgrading from API-key-based to OAuth authentication, this integration simplifies setup and enhances security, while still giving teams reliable visibility into Doppler activity logs—from secret access attempts to role changes. With Doppler's detailed logs feeding directly into Datadog, teams can catch potential risks quickly and maintain a clear audit trail, all through a native integration.

Added support to sync config secrets into a single 

 secret as a JSON string, providing more flexibility in how you consume Doppler secrets in Azure.

Added the ability to assign workplace roles directly to 

, granting consistent permissions to all members while preventing privilege escalation beyond the manager's own role.

 timeout to 20 seconds, ensuring more reliable request handling for Lambda functions and reducing timeout errors.

 to support service account tokens, making it easier to manage secure access.

Reintroduced our referral program, making it easy to share Doppler with your network—spread the word with a few clicks from the side nav in your Workplace.

, highlighting our integration to automate the rotation & management of database credentials for MongoDB Atlas.

 for customers with extensive repos by loading up to 500, and switching to a text input for faster access when counts are higher—preventing timeouts and simplifying selection.

Moved Workplace invites to the account settings for better organization and easier access.

 suggestions to include secret names from branch configs, making it easier to manage new secrets unique to branches.

Added an in-app prompt for users as their trial ends, directing them to either upgrade with billing details or downgrade—making next steps clear and accessible.

 to ensure smooth syncing for configs with over 20 secrets, preventing update failures and saving troubleshooting time.

Resolved issues in Bitbucket, Deno Deploy, GitLab, and Harness integrations to ensure Inherited Config secrets are fully removed on sync deletion, and fixed Harness re-syncs for configs with over 20 secrets to prevent failures.

October '24 product update

We’ve heard from a lot of you about the struggle to keep secrets and configs in check, and we totally get it! Before Change Requests, teams had two big challenges:

 Developers either had too much access, leading to permission sprawl and security risks, or too little, forcing them to create Jira tickets just to update a secret they couldn’t reach.

: Unlike code, secrets often go live without a thorough review, leading to potential mistakes or vulnerabilities.

 - to give secrets the same thoughtful review process as code. Now you can:

: Developers can propose changes without needing direct access, preventing permissions from getting out of control.

: Changes to secrets go through a review and approval process, helping catch issues before they impact your environment.

: Every change is logged, giving you full visibility and accountability, which is a huge win for compliance!

: Anyone with a Viewer role can suggest updates or changes to secrets.

: A teammate with approval permissions reviews the changes. If all looks good, they hit "approve."

: Once approved, the changes can be applied by the approver or author - triggering any webhooks or syncs you’ve set up.

Change Requests are live today for all workplaces on our Enterprise plan. Head over to our 

September '24 product update

 Our new feature allows you to inherit all the secrets from other configs into new or existing projects, making reusing those common secrets easier. Any changes made in the parent project are pulled into the child project, including secret name changes, without copying and pasting. Users typically used Secret References as a great way to reuse the same value across multiple projects with the ability to change values in a single place. The downsides?

To update the secret name, you have to change it in every project that has the reference.

To add a group of values to new projects, you have to remember which project and config they are in and then add them to your new project.

Config inheritance is available exclusively for Team and Enterprise plans. On our Developer plan? 

August '24 product update


Troubleshooting webhooks just got easier with our new

 feature. Customers previously struggled to see request and response details, making it hard to pinpoint issues. Our new drawer view provides a detailed activity log of individual webhooks, streamlining the troubleshooting process. Head over to the 

Addressed an unintended behavior that allowed recurring reminders from personal configs. This option is now correctly disabled.

Added URL capture in webhook logs and made it easier to review 

 activities with improved table column widths.

 for a more streamlined and visually appealing experience.

Tooltips now include value type errors, providing more transparent and more helpful information.

Resolved an issue that was causing sync failures for some users with 

Added support for KMS keys when syncing to AWS Parameter Store and Secrets Manager.

July '24 product update

Faster value type validation, new 'direct reference' and XML types, and CLI improvements

Validating value types in the Doppler UI was time-consuming and limited. Now, with faster validation, new types like “Direct Reference” and XML, and support for reading and 

 in CLI v3.69.0, your workflow is more efficient than ever. Head over to the 

 by generating a temporary recovery code using a valid Doppler CLI token if they lose access to their MFA device.

Improved error messaging for Log Forwarding connections when expired SSL certificates are encountered.

import secrets from one config into another

June '24 product update

Reference secrets across personal configs

Managing secrets across personal configs was challenging with no way to reference secrets or share values between them. Now, you can easily reference secrets in personal configs from other personal configs. This allows you to consolidate and manage your secrets more efficiently, reducing redundancy, and improving security. 

Fixed a UX issue where the screen jumped when opening the value type menu on a config with many secrets.

 remove users with unverified domains by Workplace admins.

Fixed a highlighting issue where some options would not highlight with keyboard navigation or mouse hover.

 to honor the SUPABASE_ prefix and maximum secret size.

 format in the import secrets modal which allows value type and visibility to be set on import.

Fixed a lag when editing secrets in large configs on Chrome for a smoother experience.

 ResourceNotFoundException will now display a clearer error message like "Function not found: arn:aws:lambda:us-west-2:00000:function:Example”.

 for better readability by truncating long secret names, simplifying the display, and reducing visual clutter.

Improved the Workplace and Account deletion flow experience to ensure clarity and ease of use for this critical action.

May '24 product update

Now, you can set the value type of a secret to ensure the value is in the right format when it is saved in Doppler. You can select to validate types like JSON, JSON5, YAML, and many more from the Doppler dashboard. This feature is available to all plans today. Read more in 

 with the goal of giving you more flexibility and control in how you work with Doppler. Here’s what we’ve released so far:

: We’ve made editing webhooks directly within the UI possible.

: You can now automate the creation and editing of webhooks via our API.

We’ve expanded our Getting Started page for new user onboarding to Workplaces with role-based access.

 where syncs were failing with 400 errors.

Made it easier to add a payment method by auto-opening the billing info form on the Billing page when clicking on an action to add a credit card from another page.

Fixed issues that prevented workplaces from downgrading their plan due to 

Updated the 'Compare By Secret' feature to suggest secret names only from environments the user has read access to.

 could not be changed from restricted to masked if other changes had already been made to the secret.

Improved the error handling in secret sharing from configs, revealing only the secret to be shared rather than triggering errors for restricted secrets not involved in the sharing process.

Optimized load times across Workplaces by resolving an issue where the high project count in one workplace negatively impacted performance when switching between multiple workplaces.

Enhanced the Compare page with fixes for scrolling on long secrets, improved empty state visuals, and streamlined the experience for hiding and showing secret values.


April '24 product update

Ever spent hours debugging only to find out the culprit was an invisible character hiding in your secret value? 

! Now you’ll see a warning displayed whenever leading/trailing whitespaces, invisible characters, or any non-standard characters are present, avoiding future headaches. Rest easy knowing that your secret values are exactly as they should be.

From generating new tokens to keeping tabs on existing ones, everything you need is now at your fingertips with the ability to 

fully manage Service Account Access tokens through the Doppler API

. This update not only simplifies token management but also introduces the capability to set expiration dates for each token. Perfect for those who are looking for more efficiency in their expanding projects and teams.

Introduced a "Secrets not in root" filter in 

 to expedite the identification and promotion of branch-specific secrets to the root config, enhancing config management efficiency.

 to better align with their global scope per project and secret name, enhancing data structure accuracy and user access verification without altering functionality.

 machine restart errors, preventing restarts for machines with 

 enabled to ensure uninterrupted service.

Corrected user group member count display on user page and refined secret name validation error messages for improved clarity.

When importing secrets from a file, masked secrets now correctly display whether or not their value has changed.

 confirmation period to 7 days, providing users with a wider window for domain verification processes.

Expanded permissions for service tokens, now allowing those with write access to update notes associated with secrets

 issue where the maximum config size limit wasn’t being applied as expected.

HASURA_GRAPHQL_BACKWARDS_COMPAT_NULL_IN_NONNULLABLE_VARIABLES

 added to the allowlist, ensuring compatibility with new Hasura Cloud GraphQL variables.

Resolved dashboard and Postgres secret validation bugs, enabling easier creation of new secrets with the unmasked view type and validation of rotated Postgres secret names.

Fixed reconnection issue affecting legacy AWS Parameter Store and Secrets Manager integrations

Improved project navigation stability, eliminating the need for full page refreshes for access to new or renamed projects.

Expanded API capabilities to include the 

, facilitating automated workflows and CI/CD processes.

Changelog

Follow along with updates and improvements made to Doppler.

September '25 product update

Doppler is now ISO/IEC 27001:2022 certified

OIDC is now available for Kubernetes

What else have we been up to?

Enter the new era of secrets management