Permissions on Branch Configs Per User

Consider the following case where every team member has their own database access account when inside their VPN network. You may have a base config with the address but want to have everyone get their own password. For example:

With this setup, I would be able to see the other two users’ passwords and vice versa. It should be that I can’t see other team members’ passwords (but currently permissions are environment only, not branch by branch).

I think more fine-grained permissions at a branch level would help structure a team workflow better here. However, we can work around this and create environments for each team member, which should work as seen below:

What do you all think (are branch permissions too complex - or do they make sense)?

Thanks for your feedback @avaitla16!

While I can see the attraction of isolation at the branch config level, what is the requirement behind this?

We’ve had customers in the past who’ve required isolation at this level because they’re working with totally external contractors. In this case, contractors were given service tokens scoped to their particular branch config so they had no secrets write access and no access to the Doppler dashboard.

If this is for internally employed staff, could you help me understand the importance of isolation from a security perspective?

Yes, it’s just that I shouldn’t see (or be able to use) your password that is only for you to connect to the database, and you shouldn’t see mine (or be able to use mine). I then tell the team member, OK, your credentials are available here. We have an audit log in our database of which user logged in and when. But if everyone could see everyone else’s credentials that could be a problem, since those users could log in as someone else and may have different grants on that database. From a compliance perspective we can say that every user has their own set of credentials for administrative tasks that are properly restricted.

Thanks for the details @avaitla16, and I can understand why, from a compliance perspective especially, that would be a great feature to have.

I believe our team might be looking to review our current permissions model in Q3 2021 and I’ll ensure this use case is brought into consideration.

Thanks again for your feedback and suggestions!

Have a look at this to get a better sense for the use case: https://www.avaitla16.com/composing-doppler-run-commands

That’s an awesome blog post! Thanks for taking the time to write that up.

Is there any update on this? We have the same issue and branch config level permissions would enable a much more streamlined setup. Admins could set generic secrets (e.g. Azure SAS token) at the root config level, but developers set their own user-specific secrets (e.g. Snowflake username/password) at the branch config level.

Our current setup allows anyone with access to the dev project to view each other’s user-specific credentials set at the branch config level.

Hey @watsonian, would you have any updates on this topic? We’re looking to adopt Doppler at my company and being able to set user permissions at the branch level would be huge. Thank you!

@Mauricio_Cruz @skohlleffel @avaitla16 We released a new Personal Configs feature back in November that should actually address many of the reasons this was desired. This new feature adds a special _personal branch on your environments that’s unique to each of your users who has access to the environment. Only they can view it and any changes they make are just to their own personal config. You can read more about it here: