GITHUB_ restrictions

Hello, I understand why we have restrictions around adding vars that start with GITHUB_, when they integrate with Github.
We have situations where there are a few configs that integrate directly with Heroku/AWS etc., and feel like this validation becomes quite restrictive in such cases. Any chance where this can be a setting that we can disable?

Hi @yugesh!

Welcome to the Doppler Community!

What you’re seeing there isn’t something that’s true universally across all integrations. When we build an integration, we check the third party system for reserved secret names. If they have them, we implement protections on our end to avoid API errors or unexpected behavior from syncing.

In the case of Heroku, HEROKU_ isn’t a reserved prefix. They recommend against using it, but not all HEROKU_ variables are blocked. We do skip secrets from the commonly used Dyno Metadata variables from Heroku along with PORT when syncing though. This is also true for any addon you might have installed (Heroku provides an API that gives us the prefix for variables any addons on the app might be using to set variables).

As far as AWS goes, we do block secret names starting with AWS or SSM. We also block secret values that contain {{*}} (i.e., {{ followed by anything and then }}).

We don’t have any option to make this optional since, in most cases, these rules are also enforced on the remote side and would result in API errors if we didn’t protect against it.


There’s currently no way to