Hello!
I am trying Doppler for the first time, and working on setting up the AWS Param Store integration. I was hoping Doppler would automatically sync the existing parameters under the path, but it doesn’t seem to be doing that. Is that currently supported? If not, what’s the recommended way on importing the existing params from param store? and How does Doppler make sure params are always in sync, in the odd chance if the param was updated directly on AWS?
Thanks.
Hi @Akshit_Gupta!
Welcome to the Doppler Community!
Sorry that I didn’t get back to you sooner! Our AWS Parameter Store integration doesn’t support importing existing parameters or two-way syncing. That said, you can import them relatively easily using a combination of the AWS CLI and the Doppler CLI.
Assuming your parameters are stored in a format similar to /some/path/PARAM_NAME
, then you can do the following:
PROJECT_NAME=your-doppler-project-name
CONFIG_NAME=your-doppler-config-name
AWS_PARAM_STORE_PATH=/some/path
doppler secrets upload -p $PROJECT_NAME -c $CONFIG_NAME <(aws ssm get-parameters-by-path --path $AWS_PARAM_STORE_PATH --with-decryption | jq '.Parameters[] | { (.Name | split("/") | last): .Value }' | jq -s add)
What that does is pull the AWS Parameters from the designated path as JSON, then manipulates the JSON result into a format the Doppler CLI expects. It then feeds that output into doppler secrets upload
.
Let me know if that works for you!
Regards,
-Joel
Thank You for the response @watsonian.
I think what would be really useful to me is a two-way sync, in the odd chance if the param was updated directly on AWS. Is importing existing parameters automatically or two-way syncing something that is in the pipeline?
@Akshit_Gupta We don’t currently have any plans to support bidirectional syncing. The general idea is that once you’re using Doppler to manage your secrets, it’s the sole source of truth and any changes that need to be made are made there and then sync out to third parties from there.