Doppler Relay proxy

Max_Levitzky · March 9, 2023, 3:38pm

Hello,
Can Doppler support environments running in private networks without direct access to the internet?Is there any kind of relay available that can acts as an intermediary between the environment and the Doppler cloud service?

Thank you!

watsonian · March 9, 2023, 3:55pm

Hi @Max_Levitzky!

Welcome to the Doppler Community!

You can’t use Doppler directly without internet access and we don’t have any kind of proxy that can be used at this point. That said, there are a couple things you could potentially do here:

Fallback Files - When doppler run executes, it automatically creates an encrypted fallback file it will try using if it can’t reach api.doppler.com on a subsequent run. This alone wouldn’t help you really, however, you can manually generate these using doppler secrets download. If you perform builds from a location that has internet access, then you could fetch the secrets and include the encrypted fallback file with your deployment during the build process. After the deploy, you would then execute with doppler run --fallback /path/to/fallback.json --fallback-only. Out-of-the-box, these encrypted fallback files are tied to the specific access token that was used when they were created, but you can set a passphrase that will then allow it to be used with other tokens by passing in --passphrase your-passphrase-here when creating the file and also when using doppler run (it can also be passed in by setting the DOPPLER_PASSPHRASE environment variable.
Integrations - Depending upon where you’re running from, it might be possible to have Doppler sync your secrets via an integration to the service you’re using. It could then expose those secrets to your deployment in a way that doesn’t require direct access to Doppler. This will be highly dependent on what services you’re using though.

That will hopefully give you some options to work with!

Regards,
-Joel

Max_Levitzky · March 10, 2023, 12:01pm

Hi Joel,
Thanks for your response.
Our private environment has access to a public environment that has internet access , so we could potentially use it as a proxy. Could you confirm that Doppler would not block proxied requests?

Regards,

Max.

watsonian · March 14, 2023, 5:47pm

@Max_Levitzky Sorry for the delay getting back to you! If you have a regular HTTP/HTTPS proxy, then our CLI should support it if you specify that in either the HTTP_PROXY or HTTPS_PROXY environment variables in the environment you’re running the CLI in. In terms of our backend service – we don’t have any kind of generic proxy blocks as far as I’m aware. All requests to our API do run through Cloudflare, but if you get blocked for some reason, just let us know by contacting support@doppler.com (or by opening a ticket at https://support.doppler.com) and we’ll see what we can do to help there.

Topic		Replies	Views
Having a local "Serve" option Feature Requests	1	813	July 25, 2022
Understanding Fallback files Need Help	4	1089	June 11, 2021
Read secret from file in Docker Compose Need Help	5	638	April 10, 2023
Access to doppler secrets in CI/CD pipeline Need Help	2	583	July 3, 2022
Be able to specify a key prefix when downloading secrets Feature Requests	1	764	February 22, 2022

Doppler Relay proxy

Related Topics