Doppler Secrets Manager

The functionality of Release's Doppler Secrets Manager integration and how to set it up

Doppler Secrets Manager allows you to securely manage and inject secrets directly into your Release environments. Integrating Doppler with Release involves setting up the Doppler Kubernetes Operator to synchronize secrets with Kubernetes and then configuring Release to utilize these secrets for various services and jobs.

Prerequisites

Before you begin, ensure you have:

  1. Access to a Release environment with Kubernetes clusters configured.

  2. The Release CLI installed and configured.

  3. A Doppler account with appropriate service tokens generated.

Setting Up Doppler in Release

Follow these steps to integrate Doppler Secrets Manager with Release.

Set Up Kubeconfig for Your Release Cluster

First, use the Release CLI to generate and configure kubeconfig for your Release cluster:

release clusters kubeconfig --account Release --cluster release-development ./
export KUBECONFIG=./config-release-development.yaml

The first command fetches the kubeconfig for your Release cluster and writes it to the current directory. The second points kubectl at that file through the KUBECONFIG environment variable.

Install the Doppler Kubernetes Operator

The Doppler Kubernetes Operator allows secrets to be synced from Doppler into your Kubernetes cluster. To install it, add the Doppler Helm repository and install the operator:

helm repo add doppler https://helm.doppler.com
helm install --generate-name doppler/doppler-kubernetes-operator

Create a Doppler Token Secret in Kubernetes

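Next, create a Kubernetes secret with your Doppler service token. This token should have the necessary permissions to access the secrets you intend to use. Run the following command, replacing YOUR_DOPPLER_SERVICE_TOKEN with your actual token. A token typed as a --from-literal value can be recorded in your shell history, so clear or disable history for this command if that matters on your workstation: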

kubectl create secret generic doppler-token-secret \
  --namespace doppler-operator-system \
  --from-literal=serviceToken=YOUR_DOPPLER_SERVICE_TOKEN

Configure your application in Release to use Doppler Secrets

To configure and link Doppler secrets to services in Release, start by defining the secrets you’ll need from Doppler, pointing each set to a specific Doppler project and configuration. Then, link these secrets to your services using the secrets_from field in each service configuration. This setup enables each service to securely access the exact set of secrets it requires from Doppler.

For example, define a development set of secrets for the Rails project and a development-ai set for an AI project. Each set references a Doppler project and configuration, as shown below:

secrets:
# defines the secrets for the Rails project
- name: development
  type: doppler
  namespace: doppler-operator-system # namespace where the Doppler operator is installed (defaults to doppler-operator-system)
  project: rails  # project in doppler
  config: dev     # config in doppler

# defines the secrets for the AI project
- name: development-ai
  type: doppler
  project: ai
  config: dev

Now you can associate these secrets with the appropriate services. The rails service, for instance, can use the development secrets, while an ai-chatbot service accesses the development-ai secrets.

services:
- name: rails
  image: github-org/rails
  secrets_from:
  - development

- name: ai-chatbot
  image: github-org/ai-chatbot
  secrets_from:
  - development-ai

jobs:
- name: chatbot-setup
  image: github-org/rails
  secrets_from:
  - development
  - development-ai
  steps:
  - run: bundle exec rake chatbot:setup

In this example:

The rails service links to the development secrets, which pull from the rails project and dev configuration in Doppler. The ai-chatbot service uses development-ai secrets from the ai project and dev configuration. The chatbot-setup job lists both sets, so it can read secrets from both projects. By defining and linking Doppler secrets in this way, each service has secure, targeted access to only the secrets it needs, simplifying secrets management and enhancing security across your Release environment.
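
The following is an added example, not part of Release's documentation or code: a Python check that every secrets_from entry resolves to a defined secret set and that reports which Doppler project/config each service or job can read. The function name and the dict layout (what a YAML parser would return for the snippets above) are assumptions, and the sample template is constructed from the page's example.

```python
# Added example: audit Doppler secret wiring in a Release Application Template.
# TEMPLATE is constructed sample input mirroring the page's snippets (parsed YAML).
TEMPLATE = {
    "secrets": [
        {"name": "development", "type": "doppler", "project": "rails", "config": "dev"},
        {"name": "development-ai", "type": "doppler", "project": "ai", "config": "dev"},
    ],
    "services": [
        {"name": "rails", "secrets_from": ["development"]},
        {"name": "ai-chatbot", "secrets_from": ["development-ai"]},
    ],
    "jobs": [
        {"name": "chatbot-setup", "secrets_from": ["development", "development-ai"]},
    ],
}

def audit_secret_wiring(template):
    """Return (access, findings): what each workload can read, and wiring mistakes."""
    sets, findings = {}, []
    for entry in template.get("secrets") or []:
        name = str(entry.get("name"))
        if name in sets:
            findings.append(f"secret set '{name}' is defined more than once")
        if not entry.get("project") or not entry.get("config"):
            findings.append(f"secret set '{name}' is missing project or config")
        sets[name] = f"{entry.get('project')}/{entry.get('config')}"

    access, used = {}, set()
    for kind in ("services", "jobs"):
        for workload in template.get(kind) or []:
            label = f"{kind[:-1]}/{workload.get('name')}"
            refs = workload.get("secrets_from") or []
            for ref in refs:
                if ref not in sets:
                    findings.append(f"{label} references undefined secret set '{ref}'")
            used.update(refs)
            # Doppler project/config pairs this workload will receive secrets from
            access[label] = sorted({sets[r] for r in refs if r in sets})

    for name in sorted(set(sets) - used):
        findings.append(f"secret set '{name}' is defined but never used")
    return access, findings

if __name__ == "__main__":
    access, findings = audit_secret_wiring(TEMPLATE)
    for label, pairs in access.items():
        print(f"{label}: {', '.join(pairs) or 'no Doppler secrets'}")
    for finding in findings:
        print("FINDING:", finding)
```

Running it in CI before a deploy catches a mistyped set name early and makes it visible when a workload, such as the chatbot-setup job here, reads from more than one Doppler project.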

Debugging Doppler Secrets Issues

You may get errors when trying to access secrets from Doppler. To view the logs from the Doppler operator, run the following command:

kubectl logs -f deployment/doppler-operator-controller-manager -n doppler-operator-system

This command fetches the logs from the Doppler operator controller manager, allowing you to troubleshoot any issues with secrets synchronization. Common issues include incorrect service account permissions, invalid Doppler service tokens, or misconfigured Doppler projects and configurations.


Last updated 1 month ago
