Ansible shell/command modules with Doppler

I was wondering if I could use Doppler with Ansible. I don’t see any native integrations with Ansible. I know that Ansible has a Hashicorp Vault plugin that uses secrets in Ansible playbooks…

https://docs.ansible.com/ansible/latest/collections/community/hashi_vault/hashi_vault_lookup.html#ansible-collections-community-hashi-vault-hashi-vault-lookup

Since there seems to be no native support for Ansible and Doppler I was thinking I could just use the Doppler Cli with the Ansible Shell or command module? Or maybe the raw module? The reason I ask is that I don’t want Ansible to accidentally leak any of my Doppler secrets.

Is their any planned integrations with Ansible in the future?

Thank You

Hi @Lily and welcome to the Doppler community!

From taking a quick look at the Ansible docs, you should be able to use Ansible’s built-in support for environment variables with the Doppler CLI by running:

# `DOPPLER_TOKEN` environment variable must be set 
doppler run -- ansible-playbook playbook.yml

If triggering the playbook using a GitHub Action, the step could look like:

- name: Ansible Playbook
    run: doppler run -- ansible-playbook playbook.yml
    env:
        DOPPLER_TOKEN: ${{ secrets.DOPPLER_TOKEN }}

Then I believe inside your playbook, you can reference a Doppler injected environment variable using:

{{ lookup('env', 'SECRET_FROM_DOPPLER') }}

Let me know if that works as I’m not an Ansible user and need to get across it more.

We don’t yet have an Ansible integration, but I’ve added it to our engineering backlog and will let you know once it’s available (although I can’t offer an ETA at this stage).