Importing Bitbucket Secured Variables to Doppler

Hi everyone! :waving_hand:

While working on integrating Doppler with Bitbucket Pipelines, I came across a limitation with the default method of importing environment variables — specifically secured variables.

:puzzle_piece: The Problem

The official Doppler documentation provides a curl-based approach to import variables. However, this method doesn’t handle secured variables properly — they end up being imported as null because Bitbucket doesn’t allow viewing or exporting secured values once set.

This poses a challenge when trying to bring all your environment settings into Doppler for centralized management.

:light_bulb: The Solution

I realized that Bitbucket variables — including secured ones — are accessible during pipeline execution. So, I came up with a workaround using custom Bitbucket pipelines to securely transfer these values into Doppler via the CLI.

Here’s how to do it:

import-variables:
  - step:
      name: Import Bitbucket variables to Doppler
      image: alpine:3.12
      script:
        - apk add wget gnupg
        - wget -t 3 -qO- https://cli.doppler.com/install.sh | sh
        - doppler secrets set DOPPLER_VAR="$BITBUCKET_VAR" --project dopplerprojectname --config dopplerconfigname

:locked_with_key: Note: Replace DOPPLER_VAR and BITBUCKET_VAR with your actual variable names. You’ll need to repeat the doppler secrets set line for each variable you’d like to import. Also, you need to give Collaborator role to the doppler API token.

This method ensures that even secured Bitbucket variables can be seamlessly imported into Doppler, without ever exposing their values.

Hope this helps others facing the same challenge!