Not-So-Secret Configs

Dangeruss · January 7, 2021, 4:15pm

Hey Doppler Team! I hope this finds you well!

I’ve just started my team using Doppler and so far it’s an absolute delight for both simplicity (particularly local development) and transparency (much more accessible, though safely so, than our previous Keybase-based hacks).

One thing I’m curious about is whether or not there are any plans to include support for “obviously-non-secret” configs in Doppler? One of the major niceties of Doppler for us is having a single place to manage configs that differ from one environment to the next, and to cleanly pull those during development and debugging as well, and while I could absolutely move environment variables into into Doppler, it feels wrong/awkward to shoe-horn non-secrets into the “secret store”.

Use Case: I’ve got a service that connects to about a dozen 3rd-party APIs, and for each API there are approximately 3 pieces of information to configure depending on which environment I’m deploying:

Base URL
Username
Password

In this example, I’d love for these pieces of information to be configured in the same place for clarity, but neither the URL nor the username are really secrets (username could and probably should be considered secret, but I digress).

Any thoughts would be greatly appreciated!

ryan-blunden · January 7, 2021, 4:19pm

Hey Russ,

I can tell you from experience that the benefits of having everything in Doppler is totally worth it, regardless of whether a variable is secret in nature or not. I think of Doppler as a universal app config manager, so it can store all manner of config and secrets equally well.

Also, we don’t, and won’t ever charge based on the number of secrets stored so there is no practical reason why you wouldn’t put everything in Doppler.

Does that help clarify things for you?

brian-vallelunga · January 7, 2021, 4:26pm

@Dangeruss just to add on to what @ryan-blunden has mentioned. We mainly call the variables in Doppler secrets to show that you can and should store sensitive data in Doppler. The added benefit of this approach is that your app config variables like a port, are just as secure as your sensitive data, like a database url. Plus you get to manage all of them (app config + secrets) in one dashboard. I hope this helps and super excited to have you on Doppler!

Dangeruss · January 7, 2021, 4:21pm

@ryan-blunden Thanks for the sanity check! That makes plenty of sense, and I felt that was likely a viable path forward, but I don’t know enough about canonical Doppler usage to know if that was a suggested usage pattern or if it was an anti-pattern.

@brian-vallelunga Thanks for doubling down on Ryan’s comments!