We’ve recently started making use of the Doppler Terraform Provider to push configs and secrets from infrastructure provisioning (generated database URLs, creds, etc.) and it’s kind of wonderful for providing a seamless way to ship those secrets across contexts.
One area where we’re struggling, however, is being able to differentiate “generated” secrets from “ones we expect application devs to set themselves” in the UI. Some are obvious enough (crazy long DB addresses from AWS resources), but others are nuanced (i.e. - is this URL generated or configurable?).
One thought we’d had was to try using the “Notes” feature to annotate generated secrets with “Managed by Terraform” or something similar, such that when an end user is in the Doppler UI, there’s some indication that the secret is managed and might get overridden (and in our case, since we don’t use notes for anything else, the yellow “notes” icon can just identify this at a glance without even having to expand, which is handy).
I was going to work on and put out a PR to the terraform repo, but I struggled to find API support for interacting with notes. Is this something I’m missing, or are notes not yet exposed in the API?