Security, without all the friction

We’re trusted with serving millions of secrets to developers and their apps in a secure, performant, and reliable way. A love for security is built into the core of our DNA.

Security and reliability woven into the fabric of our infrastructure.

SOC II (in progress)
We love working with security researchers and professionals
Collaborate with us and the global security research community to improve our security posture.
Report a vulnerability
Rigorous Security Testing
Our projects undergo security-design reviews, threat modeling, and regular penetration tests by independent third-party firms. We also actively engage with the security community through our vulnerability disclosure program for continuous assessment.
Data Tokenization
We secure your data at rest through a mechanism called tokenization, which ensures our systems only store references to your secrets. In the event of a data breach, attackers would only gain access to the references.
Standby Infrastructure
Doppler runs multiple infrastructures in parallel. In the event of an outage, Doppler will route traffic at the DNS layer to a standby cluster, ensuring uninterrupted availability.
Active DDoS Mitigation
At the DNS layer, Doppler monitors for traffic pattern anomalies and spikes to ensure you can always fetch your secrets.
Product security, at every layer
From strong default options to granular access controls, Doppler helps your team stay protected while offering flexibility around your workflow.
Reduce Secrets Sprawl
Achieve compliance by using Doppler as your team's central source of truth. Having a central store eliminates scattered secrets - from your servers and repositories to your developers' laptops.
Encrypted Fallback Files
The Doppler CLI automatically saves fallback files on disk so that you can continue to use your secrets when offline. These files are always encrypted and stored in a folder managed by Doppler.
User Auth Tokens
When authenticating with our CLI, Doppler will create a new token scoped to the user and the device they are on. If the machine is ever lost or compromised, you can revoke its access.
Service Auth Tokens
Using your secrets in staging and production is quick and secure with service tokens. Service tokens are linked to a service and grant read-only access to a specific set of secrets.
Enforce Strong Passwords
On each registration and login, we check if your password has been leaked in a data breach. If so, we share how many breaches it has been a part of and require you to use another password.
Trusted IPs
Lock down your staging and production secrets by building allow lists of IP ranges that can fetch secrets from the Doppler API. This is a great way to reduce exposure if a service token is ever leaked.
Audit Everything
Audit logs capture an immutable history of nearly every action your team performs.

Actions like modifying secrets or setting trusted IPs can be rolled back with just a click.
Maintain Control
Practice least privilege with granular access controls that are scoped to an environment. Control a user's ability to create, edit, and delete projects.
Use Single Sign-on
For teams on the Pro plan, Doppler supports signing in with G Suite, Okta, OneLogin, and any other identity provider that supports SAML 2.0.

Streamline onboarding by setting the default permissions for each user joining the team.
Okta
Auth0
Azure AD
Salesforce
OneLogin
Google Suite
Active Directory
SAML 2.0
Enable MFA
Protect access to your Doppler account by requiring a security key at login.

Or use a time-based passcode from an app like 1Password, Authy, or Google Authenticator to add another layer of protection to your account.