Hello,
I’d like to request the introduction of an approval workflow when viewing/setting production secrets. The idea being that when a developer wants to read or update a secret, they have to get approval from someone else (possibly a higher role) through the doppler platform.
This has the benefit of giving developers control of production secrets and improves auditing, but reduces the impact of a developer account being compromised and an attacker stealing production credentials. A blanket lock down to an environment will just slow the team down, and put more burden on higher ups (me in our case).
Just a side note, It looks like you tend to put features like this under the “enterprise” plan, and I feel these types of features, such as secret rotation, dynamic secrets, groups/roles are good practices that any sized company should be able to make use of. My small bootstrapped development agency with 5 devs, can afford the team plan, but the enterprise plan is no doubt out of reach for us.
Hi @Nick_Jackson,
Welcome to the Doppler Community!
I believe what you’re after is a combination of Project Permissions and Pull Requests. Project Permissions are available on all plans (although, it’s not really that useful on the Developer plan since all users are Owners on that plan) and Pull Requests will be as well when it finally releases, so you should be good to go under your Team plan.
Can you take a look at those and let me know if that covers what you’re after?
Regards,
-Joel
Thanks for the welcome,
Pull Requests certainly solve the issue around updating secrets, I missed that in the docs.
I am also suggesting an approval flow for requesting secrets too, for example, “Nick requested access to DB_URL on prod”. This tied with dynamic secrets and short TTL’s is quite an interesting combination. The auditing would be useful here too, so that teams know if a production secret has been accessed by a dev, and it ought to be renewed.
Gotcha. Yep, this has come up before and is on our radar. We don’t currently have any firm plans around implementing it yet, but it’s definitely on the table for consideration when it comes to new features we may add in the future.
In October 2024 Pull Requests was removed and replaced with Change Requests.
A flow to request secrets is still being considered.
-James Heimbuck, Principal Product Manager
