Doppler
chezmoi includes support for Doppler using the doppler
CLI to expose data through the doppler
and dopplerProjectJson
template functions.
Warning
Doppler is in beta and chezmoi's interface to it may change.
Note: Doppler only supports secrets in the UPPER_SNAKE_CASE
format.
Log in using:
$ doppler login
It is now possible to interact with the doppler
CLI in two different, but similar, ways.
Both make use of the command doppler secrets download --json --no-file
behind the scenes
but present a different experience.
The doppler
function is used in the following way:
{{ doppler "SECRET_NAME" "project name" "config" }}
All secrets from the specified project/config combination are cached for subsequent access and
will not requery the doppler
CLI for another secret in the same project/config.
This caching mechanism enhances performance and reduces unnecessary CLI calls.
The dopplerProjectJson
presents the secrets as json
structured data and is used in the following
way:
{{ (dopplerProjectJson "project" "config").PASSWORD }}
Additionally one can set the default values for the project and config (aka environment) in your config file, for example:
[doppler]
project = "my-project"
config = "dev"
doppler
and dopplerProjectJson
,
for example:
{{ doppler "SECRET_NAME" }}
{{ dopplerProjectJson.SECRET_NAME }}
It is important to note that neither of the above parse any individual secret as json
.
This can be achieved by using the fromJson
function, for example:
{{ (doppler "SECRET_NAME" | fromJson).created_by.email_address }}
{{ (dopplerProjectJson.SECRET_NAME | fromJson).created_by.email_address }}
json
format for this to work as expected.