Anything obvious that I might be missing? In both cases I set the DOPPLER_TOKEN env var with a service token I created for the specific project/environment.
The reason why that’s not working in your second example is that the environment variables are being evaluated in the context of your shell. Helm itself is having the Doppler secrets set as environment variables for it, but that happens after your ${...} variables have been evaluated.
For this to work, you would need to use one of the methods described here to populate your shell session with the secrets from Doppler:
Generally speaking, we don’t recommend doing this since it can be insecure (you’re loading ALL your secrets into your environment in plain text), but it should let you get the job done. You could create an Environment specifically for this that uses secret references and only contains the variables you need to make it a bit more targeted though.
As near as I can tell, there doesn’t appear to be another way to pass environment variables into a Helm chart beyond using the method you’re trying here.
Inside your values.yaml file you would set image.tag to ${GIT_COMMIT} and so on. The envsubst command will evaluate any environment variables in the file and since we’re running that with doppler run, it will have everything you set there. Then you use <(...) to pipe the output from envsubst right into the -f flag of the helm upgrade command.
Give it a shot and let me know if it works for you!
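The evaluation-order problem and the values-file workaround discussed in this thread, as an added example that is not part of the original posts or Doppler's own code. The `inject` function is a hypothetical stand-in for `doppler run` (it sets a variable only in the child's environment), and `abc123` and the template contents are constructed values.

```shell
#!/bin/sh
# `inject` is a constructed stand-in for `doppler run`: it places a
# secret in the child process's environment only, never in this shell.
inject() { env GIT_COMMIT=abc123 "$@"; }   # abc123 is a constructed value

# Case 1: the calling shell expands ${GIT_COMMIT} while building the
# argument list, before the child (and its injected environment) exists.
expanded_by_parent() {
    unset GIT_COMMIT
    inject echo "image.tag=${GIT_COMMIT}"
}

# Case 2: single quotes defer expansion to the child shell, which does
# see the injected variable.
expanded_by_child() {
    unset GIT_COMMIT
    inject sh -c 'echo "image.tag=${GIT_COMMIT}"'
}

# Case 3: the values-file approach. The template text reaches envsubst
# unexpanded and is substituted inside the injected environment. The
# '${GIT_COMMIT}' argument limits substitution to that one variable,
# so other ${...} references in the file pass through unchanged.
render_values() {
    unset GIT_COMMIT
    printf 'image:\n  tag: ${GIT_COMMIT}\n  home: ${HOME}\n' |
        inject envsubst '${GIT_COMMIT}'
}

expanded_by_parent      # image.tag=
expanded_by_child       # image.tag=abc123
# envsubst ships with GNU gettext and may not be installed everywhere.
if command -v envsubst >/dev/null 2>&1; then
    render_values       # tag becomes abc123, ${HOME} is left as written
fi
```

In the real pipeline the output of `render_values` would be what the `<(...)` substitution hands to the `-f` flag of `helm upgrade`, so the rendered values never need to be written to disk.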