Ansible Module for Doppler Secrets

Hi All,

I’m new here and while I’m a Red Hat employee, this doesn’t reflect me posting on behalf of Red Hat. That said, I’m super interested in secrets management and, from my short experience, I really like Doppler. As a result, I’ve put together a doppler ansible collection with minimal functionality that does CRUD operations on secrets. Hope it helps people, and I’d love some feedback on the helpfulness of the repository:

Code: GitHub - dcostakos/doppler: Doppler Ansible Secrets Collection

Example Playbook

  - name: Test creating Doppler secret
    dcostakos.doppler.doppler_secrets:
      name: MY_SECRET
      project: example-project
      config: dev
      token: "{{ doppler_token }}"
      value: "my first secret is special"
    register: secret

  - name: Print out value of the secret
    ansible.builtin.debug:
      var: secret

  - name: Test lookup plugin
    ansible.builtin.debug:
      msg: "{{ lookup('dcostakos.doppler.doppler_secrets', project='example-project', token=doppler_token, config='dev', name='MY_SECRET') }}"

  - name: Test updating Doppler secret
    dcostakos.doppler.doppler_secrets:
      name: MY_SECRET
      project: example-project
      config: dev
      token: "{{ doppler_token }}"
      value: "step 2 (update)"
    register: secret

  - ansible.builtin.debug: var=secret

  - name: Test for non-existing secret
    dcostakos.doppler.doppler_secrets:
      name: NOT_MY_SECRET
      project: example-project
      config: dev
      token: "{{ doppler_token }}"
      state: absent

  - name: Delete existing secret
    dcostakos.doppler.doppler_secrets:
      name: MY_SECRET
      project: example-project
      config: dev
      token: "{{ doppler_token }}"
      state: absent

Hi @Dave_Costakos , I have created an account on this forum in order to thank you.

Your ansible collection is incredibly useful, idempotent and well designed, no doubt you are an ansible expert. It has helped me adopting doppler as a viable HashiCorp Vault alternative, since the later has a well known integration with ansible.

Kudos !

I’m glad someone is using it! Thanks

I do not know if you are still monitoring this thread, but I’ve just started to look at your Ansible interface.

Until now I’ve just used the Doppler CLI to define environment variables as and when I run an Ansible playbook. As the consoles for Ansible have improved, moving from running playbooks from the command line and instead placing them into a console looks like a far better option. So having something like your collection to replace the Doppler CLI is rather important.

Hey, thanks! I’m happy you find it useful and let me know or open an issue if you need stuff and I’ll do my best. This is definitely a ‘side of my desk’ type of thing. Transparently, I’ve stopped updating it, but I’d be willing to do some stuff if people want things.

Unless the API changes there should be no real reason for any general updates.

I have posted the following in the request section

As it stands the API requires more work than using the CLI as the CLI will automatically retrieve the environment and config names. Trying to emulate this via the API when retrieving secrets could result in hitting the API rate limits without additional coding. The CLI is also likely to be coded to use the get all secrets endpoint, rather than the get a single secret endpoint so again reducing the risk of hitting the rate limits.