K8S - Service token management

Hi @boedy!

Welcome to the Doppler Community!

Your method seems pretty sound for now. I suspect most people currently use a personal token. We typically recommend against that unless you’re on our Enterprise plan and have access to custom roles, which would allow you to create a separate user just for this purpose and assign it a custom role with scoped-down permissions (since personal token permissions are typically much broader than what you’d want for this).

We are currently working on something that would let you create a single token that has definable permissions that can access multiple projects and configs. Once that’s available, that will be the ideal option. You’ll still have to create a SecretStore per application, but there’s not a great way around that.

So, probably you have two options – either continue on with the method you’re using now or switch to using a personal token (with its accompanying risk) until the feature I mentioned is released (we’re hoping for the first quarter of next year).

Sorry that I don’t have better news for you in the short term here!

Regards,
-Joel
