We use Doppler as a centralized secrets management store for sensitive data like application passwords, third-party credentials, and server locations. The biggest benefit of Doppler is that it is the only place we upload this sensitive data. These secrets are then securely shared with the rest of our software ecosystem via Doppler's integrations with Vercel, GCP, GitHub, and Terraform.
We organize our Doppler environment with projects that correspond to the packages you see listed in our GitHub readme. These include:
Each of these projects correspond with a GCP Secret in each of our application GCP accounts. These are managed by Terraform in our repo.
We also have a special project for
GitHub used specifically for GitHub Actions
In each project listed above, we have three environments:
dev, or development, which is for local development, uses only local ports for application and database processes, and contains test/staging credentials for third-party services.
stg, or staging, which is for our staging servers running on our staging GCP account.
prd, or production, which is for our production servers running on our staging GCP account.