Heroku Review App Integration

Hi all,

we are big fans of doppler (solves a lot of painful problems). We are currently using the Heroku Integration and we are missing the feature to sync the secrets to the Review App Stage (Review apps are created on PR openings). Its currently only possible to transfer them to an app but not a pipeline (Pipelines | Heroku Dev Center). Pipelines share env vars with multiple apps so that we don’t need to sync them every time we open a PR.


Hey Lukas and thanks for the feedback!

We’re looking at supporting secrets sync for review apps in late Q2, but until then, here is how you could do this programmatically using the Doppler and Heroku CLI (with help from jq).

Note: Just like the Heroku integration, these steps presume you want to only use Doppler for updating review app variables and any variables manually edited in Heroku will get blown away on sync.

I’m going to refer to review app variables as Pipeline Config Vars for the remainder of this post.

To set up:

  1. Create a Dopler config that will contain the Pipeline Config Vars to sync
  2. Create a Doppler Service Token for that config and export the value as the DOPPLER_TOKEN environment variable
  3. Create a Heroku API Key (required in order to set the CI config vars) by running heroku authorizations:create and export the value as the HEROKU_API_KEY environment variable
  4. Install the Heroku API plugin (as the CLI doesn’t natively support Pipeline Config Vars yet) - heroku plugins:install api

Syncing secrets is then a three-step process:

Step 1: Fetch the PIPELINE_ID for the Heroku app (change your-app-name below)

PIPELINE_ID="$(heroku api GET pipelines | jq '.[] | select(.name=="your-app-name")' | jq -r '.id')"

Step 2: Nullify all Pipeline Config Vars

eval heroku api PATCH /pipelines/$PIPELINE_ID/stage/review/config-vars --body "'{$(heroku api GET /pipelines/$PIPELINE_ID/stage/review/config-vars | jq -jr ' . | to_entries[] | "\"\(.key)\":null",","' | sed 's/.$//')}'"

Step 3 Sync Doppler secrets Pipeline Config Vars

eval heroku api PATCH /pipelines/$PIPELINE_ID/stage/review/config-vars --body "'$(doppler secrets download --no-file --format json)'"

You can also see an example GitHub Action from our Yoda Speak sample app.

Would love to get your feedback on this temporary workaround.

1 Like

Hi Lukas,

Just following up to see if this solution worked for you?