Link Search Menu Expand Document




brew install dopplerhq/cli/doppler


    # Install pre-reqs
    sudo apt update && sudo apt install -y apt-transport-https ca-certificates curl gnupg

    # Add Doppler's GPG key
    curl -sLf --retry 3 --tlsv1.2 --proto "=https" '' | sudo apt-key add -

    # Add Doppler's apt repo
    echo "deb any-version main" | sudo tee /etc/apt/sources.list.d/doppler-cli.list

    # Fetch and install latest doppler cli
    sudo apt update && sudo apt install doppler
doppler --version

Local Development

In order for the Doppler CLI to access secrets for your projects, it needs an access token. For local development, we use the doppler login command which will open a browser window and ask you to authenticate. This only needs to happen once.

doppler login
Your auth code is:


Welcome, Adithya

In Doppler, access to a project's secrets is scoped to a specific directory in your file system. This allows you to fetch secrets for multiple projects on a single machine.

For each project, the setup command must be run, usually at the repository root level.

doppler setup
? Select a project:  [Use arrows to move, type to filter]
> example-project


Fetch the latest versions of your secrets for your project and selected config using the run command, injecting them as environment variables into the running process from your command or script.

# doppler run -- your-command-here
doppler run -- node app.js

Remove .env File Usage

Now that Doppler is injecting secrets as environment variables, it's best to remove all application code relying on .env files as well as .env files that may still exist locally.

This instantly improves security by removing the storage of unencrypted secrets from your file system and avoids potential confusion as to what the source of truth is for the loading of environment variables.

doppler --print-config | grep config


  1. Automatic Fallbacks
  2. Service Tokens