I’m working on creating pull request previews support for my team. The goal is to create a config branch per pull request preview. This allows developers to customize secrets for just their own pull request preview.

We have a service token that was generated and stored in our CI’s secrets store:

doppler configs tokens create --access "read/write" --config pr_preview --project overwatch --name pr-preview-token --plain

We then try to create a config branch:

doppler configs create --environment pr_preview --name pr_preview_test_v0 --project my-project --token pr-preview-token-value-here

This outputs the following error:

Unable to create config
Doppler Error: You do not have write access.

Is there a way to grant a service token the ability to create configs?

Hi @mattste and welcome to the Doppler community!

Unfortunately not. Service tokens only allow secrets write access to a single config and cannot be used to modify the structure of a project.

A personal token will allow you to do what you’re after but exercise great care as it grants the same level of access as the user account it belongs to.

We are investigating more flexible permission models but for now, a personal token is your best bet for automating the creation of Doppler branch configs.