Enforce No Missing Secrets

Not sure if there is already a mechanism for this, but we are looking to enforce that there are no missing secrets across the different env root configs. Specifically, we want to ensure that there are no env vars in our dev environment that are not defined in our production environment.

Of course, we can just tell our team to add values to production first, but we would ideally be able to enforce this to protect against human error. One concern would be a member of the team accidentally promoting a value to the dev root config.

There is already a little notification symbol that warns of this, but it would be great to omit secrets that are missing from other root configs or send an email or slack notification when this is the case.

Screenshot 2023-10-24 at 11.35.05 AM

This is important for us because we use the dev environment for our CI tests and want the code to fail in CI if it depends on configs that are not present in production (but we don’t want to use production values in our CI).

Hi @Josh_Rampersad!

Welcome to the Doppler Community!

Currently, there’s no way to accomplish what you’re after without an intermediate step where you compare the environments programmatically yourself. I’ve noted your interest in this on the internal issue we have tracking this.

In the mean time, although not idea, you might be able to accomplish what you’re after using webhooks. You could have a CI job that runs when triggered that compares the environments you care about and then does any alerting you need if a condition you don’t want is found.