I’ve just started to work with Doppler and the following requests have come to mind.
Exports to include notes as comments. While we can add notes to variables they are not included when a download option is selected - so causing the loss of the notes /documentation.
There needs to be a far better set of export tools. A user of Doppler is placing a lot of trust in Doppler due to storing of secrets on a third-party platform. The lack of tools to export/backup what has been defined places us users at a high level of risk if Doppler has a business/technical problem.
With regard to including notes in the downloaded environment files (whether .env, JSON, or YAML) – those download files are meant to be used in a purely programmatic way (i.e., consumed by an application) and are not really meant to be consumed by end users. This is why the notes aren’t included.
With regard to having some recourse in the event Doppler has a business or technical problem that would prevent you from fetching secrets from our API – we do have fallback files that can be used in those situations. These should allow your applications to continue working in the rare event that our service has an outage of some kind.
All that said, what I think I’m hearing also is that you’d like some easy way to simply export all of your data from Doppler to store in a secure location for backup/archival purposes. Is that your primary concern? I can definitely pass that along to our Product Team if that’s what you’re after!
“All that said, what I think I’m hearing also is that you’d like some easy way to simply export all of your data from Doppler to store in a secure location for backup/archival purposes.”
Fallback files are not a valid option as they only take a copy of what is being used by the system at hand.
As for the notes - they are human-readable and once you have 50+ entries the web GUI is not a great place to review such info, while I may be the person defining the docker based deployment environment there are rather a lot of other people who need to understand what is going on with the 101 environment variables. It seems a little short-sighted to allow comments with Doppler, but then force me to have to write them all again in another document.
Just to expand on this - the providing of a backup solution is even more critical than I first considered. You can not cleanly export/backup defined environments using any of the current tools as all the current solutions will process any variables that themselves contain variables before exporting the resulting value.
Currently, this leaves the owner of any complex data structures expressed within doppler 100% dependent on doppler - as such as a solution it can not pass any audits that focus on Business Continuity Planning.
The current situation if fully understood by the person doing an audit is likely to place the use of the doppler platform quite high on the list of the potential business threats. Vendors such as Cloudflare and AWS are going to be higher, but they also have a somewhat higher standing and there is an acceptance that if they go down, so does a lot of the internet.
Would you mind elaborating on this point some? As you said, the tools available to download secrets for configs process the values that end up being saved – what exactly are you looking for instead? Is the goal to have a backup that you could re-upload to Doppler in the (unlikely) event of data loss or something along those lines? Or are you wanting to have something you could take to another provider?
If the latter, then I’m not sure exporting unprocessed values would really help too much since it’s unlikely another provider will support the same formatting and/or referencing features that Doppler does (I assume by “complex data structures” you’re referring to using secret referencing to construct values). Are you just wanting the unprocessed values to use as a guide to reconstruct the secret references manually elsewhere if needed?
Oddly to conform to the requests of any audit in the past all I have had to do is show that the business information is available to the business, rather than it can be easily reused by another means. This makes sense as if you have the data it can be translated to an alternative configuration, but if you don’t have the data you can’t even attempt the translation.
So at the most basic, it would be a download of an Environment that retains the values as placed within the secrets without the pre-processing having taken place (with the comments added for good measure). A more advanced solution would be a recursive output that handled the tree of configurations under an Environment or even a complete project as these would meet the requirements of taking backups of business data better.
Being able to reload data to Doppler would also be a logical step - otherwise, how does a client deal with mistakes caused by their own admin staff - currently typing the name of a project in a single field is enough to wipe the project out and so bad actor risk is an issue, let alone any business risk at the Doppler end.
At the moment the only valid backup the system can provide for audits and system recovery are screenshots
Another use for this type of export/import feature - even with the most basic option is that there is currently no way to refacture the configuration - you can not move values between environments/projects. As you may have seen I have also raised the issue of there not seeming to be a way to copy/duplicate an Environment, export/import would at least be a work around.