dopplerhq / cli Goto Github PK

View Code? Open in Web Editor NEW

217.0 7.0 44.0 38.22 MB

The official CLI for interacting with your Doppler secrets and configuration.

Home Page: https://docs.doppler.com

License: Apache License 2.0

Go 86.23% Shell 13.67% Makefile 0.10%

doppler secrets doppler-cli cli secret-management secrets-management secrets-manager security environment-variables

cli's People

Contributors

Stargazers

Watchers

Forkers

raid55 ryanwmitchell tmfrook aaronspindler stephenlacy suryatmodulus twinsmission jlarmstrongiv kdsjfl saramartine89 reyza818 rwilliams251 aquinoit motdotla aetotvl6789 remorses adamlaska adeboyedn mariawitch pks-os sathishvjd rannn505 harunor realmarkoprifti m0rphtail ryan-blunden fwomp wcc-analytics truesoni m-arifrizki somith11 hilalattamimi aravindb26 ehershey 1337cybersecurity lamrecognitions alexzevnoski4060 rockysharma009 aisrael tarun5139 housepwn thetechoddbug seanpm2001

cli's Issues

[BUG] Missing public key for GPG (apt update on ubuntu)

Describe the bug
I had previously installed the Doppler cli via the shell script (a while ago). Now on my apt update, I am getting the following error:

An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://packages.doppler.com/public/cli/deb/debian any-version InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY DE2A7741A397C129

Expected behavior
I expect my package cache to update.

Screenshots
If applicable, add screenshots to help explain your problem.

Desktop (please complete the following information):

OS: POP OS 22.04 (Ubuntu)

CLI Version:
Version 3.52.1

It looks like you public gpg key needs to be updated.

Unable to install the latest Doppler CLI [BUG]

Describe the bug
I can't update to the latest Doppler CLI.

To Reproduce
Steps to reproduce the behavior. Please include output from running the command with --debug.

In a console, type doppler update
After it prints ? Install Doppler CLI v3.24.3 (Y/n), type y
See error (under Screenshots)

Expected behavior
I expect it to update the Doppler CLI.

Screenshots

? Install Doppler CLI v3.24.3 Yes
Updating...
Unable to install the latest Doppler CLI
Doppler Error: exit status 2

Desktop (please complete the following information):

OS: Ubuntu
Version 20.04.1 LTS

CLI Version:
Version 3.23.2

Additional context
No idea why this is happening. What does exit status 2 mean?

[BUG] unknown shorthand flag: 'c' in -c

Describe the bug
I'm using a Gitlab CICD to manage a project, I have created a job to get the env variables into a dotenv file to deploy a docker container, how ever it fails to get the secrets

To Reproduce
Steps to reproduce the behavior. Please include output from running the command with --debug.
This is what I have in my .gitlab-ci.yml

image: dopplerhq/cli:3.31
  script:
    - doppler secrets download --format=env-no-quotes --no-file > .env
  artifacts:
    paths:
      - .env

However I'm getting this error in the terminal
Executing "step_script" stage of the job script 00:01 Using docker image sha256:5d3bba437f2ec4624e61f573eef5b2d3869b81bfef959174a08ca4c240a60e05 for dopplerhq/cli:3.31 with digest dopplerhq/cli@sha256:6061cf338badf1a88950f9e7da2c3b6a9da3653136e393bab2e2fd50154e51b7 ... Error: unknown shorthand flag: 'c' in #-c

Expected behavior
As a workaround I'm using a custom docker image with Doppler installed so I'm getting a dotenv file as artifact

Desktop (please complete the following information):

Docker Image: dopplerhq/cli:3.31

CLI Version:
3.31

Additional context
Add any other context about the problem here.

[FEATURE] Automatically source env on terminal open in VSCode

Is your feature request related to a problem? Please describe.

I wouldn't say that I like typing "doppler run " each time I use my CLI.

Describe the solution you'd like

I would like to have a doppler source command to source environment variables to the local terminal.
I would also like to have a VSCode or ZSH integration that would do that for me.

Describe alternatives you've considered

I wrote this command to download and source secrets to the local terminal:

eval $(doppler secrets download --format env --no-file --fallback-only)

I am still wondering how to run a command on each ZSH terminal open.

Final solution for me

I've created an alias that I run each time I want to seed environment variables to the current terminal:

alias denv="eval \$(doppler secrets download --format env --no-file --fallback-only)"

Then, I can call it like this:

denv

Additional context

My IDE is VSCode.

[FEATURE] secrets download --show-notes

Is your feature request related to a problem? Please describe.
I would like to download secrets in env format with secret notes as comments.

Describe the solution you'd like
Extra flag --show-notes or similar name with --format env would download secrets this way (example):

# REDIS_HOST notes from Doppler
REDIS_HOST="1.2.3.4" 
# REDIS_PORT notes from Doppler
REDIS_PORT="6379"
VARIABLE_WIHOUT_NOTES="bar"

Describe alternatives you've considered
n/a

Additional context
n/a

[FEATURE]: doppler import supporting loading a template via a URL

The template value supplied to doppler init should also be able to accept a URL.

My reasoning is that we want to be able to help folks easily set up a Doppler project for open source applications, but it's highly unlikely in most cases that we'll get a doppler.yaml file merged into the source repo, official Dockerfile etc.

Being able to run something like doppler import https://github.com/DopplerUniversity/doppler-app-templates/blob/main/templates/mongodb-tls.yaml would allow us to document how users can still use doppler import with examples that we provide.

[BUG] Unexpected 404 using CLI install script

Describe the bug
Doppler CLI failed in GitHub Actions

To Reproduce
We've encountered this issue twice today. Retrying the GHA fixes it. It seems random.

Run dopplerhq/cli-action@v1
DEBUG: Detected OS 'linux'
Error: Command failed: /home/runner/work/_temp/b7f2[4](https://github.com/tolahq/app/actions/runs/4286420974/jobs/7465970770#step:4:5)b0d-12a2-4142-9df9-2af7cfe41004 --debug --no-package-manager --install-path /home/runner/work/app/app/bin
DEBUG: Detected OS 'linux'
DEBUG: Detected architecture 'amd64'
DEBUG: Detected format 'tar'
DEBUG: Using /usr/bin/gpg for signature verification
DEBUG: Using temp directory /home/runner/.tmp.LXu390YX
Downloading Doppler CLI
DEBUG: Using /usr/bin/curl for requests
DEBUG: Downloading binary from https://cli.doppler.com/download?os=linux&arch=amd64&format=tar
DEBUG: Request failed with http status 404
DEBUG: Response headers:
DEBUG: HTTP/2 302 
date: Mon, 27 Feb 2023 20:12:48 GMT
content-type: text/plain;charset=UTF-8
content-length: 0
location: https://github.com/DopplerHQ/cli/releases/download/3.[5](https://github.com/tolahq/app/actions/runs/4286420974/jobs/7465970770#step:4:6)[6](https://github.com/tolahq/app/actions/runs/4286420974/jobs/7465970770#step:4:7).0/doppler_3.56.0_linux_amd64.tar.gz
cache-control: no-cache, no-store, max-age=0, must-revalidate
x-cli-version: v3.56.0
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: [7](https://github.com/tolahq/app/actions/runs/4286420974/jobs/7465970770#step:4:8)a0393cf2ede2430-IAD
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

HTTP/2 302 
server: GitHub.com
date: Mon, 27 Feb 2023 20:11:32 GMT
content-type: text/html; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/212754358/7c1a3434-7715-4bb6-9db3-c9f958e234c7?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20230227%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20230227T201132Z&X-Amz-Expires=300&X-Amz-Signature=078492b74ee387f6caa4d76d1909112659577e1f1504d2948be159eab6545a3d&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=212754358&response-content-disposition=attachment%3B%20filename%3Ddoppler_3.56.0_linux_amd64.tar.gz&response-content-type=application%2Foctet-stream
cache-control: no-cache
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com objects-origin.githubusercontent.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events *.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ wss://*.actions.githubusercontent.com online.visualstudio.com/api/v1/locations github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com objects-origin.githubusercontent.com secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
content-length: 0
x-github-request-id: 8018:1074:6747CCE:98144AF:63FD0EC0

HTTP/2 404 
x-powered-by: Next.js
etag: "vhz11azbu12qy"
content-type: text/html; charset=utf-8
x-github-backend: Kubernetes
x-github-request-id: BFD2:58C3:290D9D:1D4C740:63FD0E7B
accept-ranges: bytes
date: Mon, 27 Feb 2023 20:12:48 GMT
via: 1.1 varnish
age: 67
x-served-by: cache-iad-kiad7000113-IAD
x-cache: HIT
x-cache-hits: 1
x-timer: S1677528768.153504,VS0,VE1
vary: Accept-Encoding
content-length: 3562

404

ERROR: Binary download failed with status code 404.

Please report this issue:
https://github.com/DopplerHQ/cli/issues/new?template=bug_report.md&title=[BUG]%20Unexpected%20404%20using%20CLI%20install%20script
DEBUG: Removing temp directory

DEBUG: Detected architecture 'amd64'
DEBUG: Detected format 'tar'
DEBUG: Using /usr/bin/gpg for signature verification
DEBUG: Using temp directory /home/runner/.tmp.LXu390YX
Downloading Doppler CLI
DEBUG: Using /usr/bin/curl for requests
DEBUG: Downloading binary from https://cli.doppler.com/download?os=linux&arch=amd64&format=tar
DEBUG: Request failed with http status 404
DEBUG: Response headers:
DEBUG: HTTP/2 302 
date: Mon, 27 Feb 2023 20:12:4[8](https://github.com/tolahq/app/actions/runs/4286420974/jobs/7465970770#step:4:9) GMT
content-type: text/plain;charset=UTF-8
content-length: 0
location: https://github.com/DopplerHQ/cli/releases/download/3.56.0/doppler_3.56.0_linux_amd64.tar.gz
cache-control: no-cache, no-store, max-age=0, must-revalidate
x-cli-version: v3.56.0
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7a03[9](https://github.com/tolahq/app/actions/runs/4286420974/jobs/7465970770#step:4:10)3cf2ede2430-IAD
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

HTTP/2 302 
server: GitHub.com
date: Mon, 27 Feb 2023 20:11:32 GMT
content-type: text/html; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/212754358/7c1a3434-7715-4bb6-9db3-c9f958e234c7?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20230227%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20230227T201132Z&X-Amz-Expires=300&X-Amz-Signature=078492b74ee387f6caa4d76d1909112659577e1f1504d2948be159eab6545a3d&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=212754358&response-content-disposition=attachment%3B%20filename%3Ddoppler_3.56.0_linux_amd64.tar.gz&response-content-type=application%2Foctet-stream
cache-control: no-cache
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com objects-origin.githubusercontent.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-62[10](https://github.com/tolahq/app/actions/runs/4286420974/jobs/7465970770#step:4:11)df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events *.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ wss://*.actions.githubusercontent.com online.visualstudio.com/api/v1/locations github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com objects-origin.githubusercontent.com secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
content-length: 0
x-github-request-id: 8018:1074:6747CCE:98144AF:63FD0EC0

HTTP/2 404 
x-powered-by: Next.js
etag: "vhz[11](https://github.com/tolahq/app/actions/runs/4286420974/jobs/7465970770#step:4:12)azbu[12](https://github.com/tolahq/app/actions/runs/4286420974/jobs/7465970770#step:4:13)qy"
content-type: text/html; charset=utf-8
x-github-backend: Kubernetes
x-github-request-id: BFD2:58C3:290D9D:1D4C740:63FD0E7B
accept-ranges: bytes
date: Mon, 27 Feb 2023 20:12:48 GMT
via: 1.1 varnish
age: 67
x-served-by: cache-iad-kiad70001[13](https://github.com/tolahq/app/actions/runs/4286420974/jobs/7465970770#step:4:14)-IAD
x-cache: HIT
x-cache-hits: 1
x-timer: S1677528768.[15](https://github.com/tolahq/app/actions/runs/4286420974/jobs/7465970770#step:4:16)3504,VS0,VE1
vary: Accept-Encoding
content-length: 3562

404

ERROR: Binary download failed with status code 404.

Please report this issue:
https://github.com/DopplerHQ/cli/issues/new?template=bug_report.md&title=[BUG]%[20](https://github.com/tolahq/app/actions/runs/4286420974/jobs/7465970770#step:4:21)Unexpected%20[40](https://github.com/tolahq/app/actions/runs/4286420974/jobs/7465970770#step:4:41)4%20using%20CLI%20install%20script
DEBUG: Removing temp directory

Expected behavior
Doppler CLI is successfully installed

[BUG] Env variables not populated if running as sudo.

Describe the bug
If I run a program as sudo, the env variables that should be populated by doppler, aren't.

To Reproduce
A simple javascript file

console.log("ENV: " + process.env.MY_AMAZING_VAR);

If I run

doppler run -- node test.js

I get back

ENV: My amazing var's value

But if I run as root

doppler run -- sudo node test.js

I get

ENV: undefined

Expected behavior
To have my ENV var populated, whether or not I use sudo.

Desktop (please complete the following information):

OS: macOS
Version 12.0.1 (21A559)

CLI Version:
Version 3.36.0

[FEATURE] Dedicated command for the CLI to check if I'm already logged in

Is your feature request related to a problem? Please describe.
Hey,
I want to create an integration with the doppler CLI. Therefore I want to check, if I'm already logged in.

Describe the solution you'd like
I thought of having a dedicated doppler me command, which prints all the information about my login status.

Describe alternatives you've considered
Is there already a mechanism I could use for that?

Additional context

No additional context.

[BUG]

Describe the bug
I'm trying to build a docker image with doppler installed, I'm following the installation guide

To Reproduce
Steps to reproduce the behavior. Please include output from running the command with --debug.

RUN (curl -Ls https://cli.doppler.com/install.sh || wget -qO- https://cli.doppler.com/install.sh) | sh
RUN doppler --version

Expected behavior
Get Doppler in my docker image.

This is the output

 ---> Running in 293995beb203
/bin/sh: doppler: not found
The command '/bin/sh -c doppler --version' returned a non-zero code: 127

Screenshots
If applicable, add screenshots to help explain your problem.

Desktop (please complete the following information):

OS: MacOS
Alpine: 3.13

CLI Version:
Version latest

Additional information
Dockerfile

FROM docker:latest

RUN apk update
RUN apk add --no-cache python3 py3-pip npm curl wget

RUN pip3 install awscli
RUN npm install -g envsub
RUN curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.20.0/bin/linux/amd64/kubectl
RUN chmod +x ./kubectl
RUN mv ./kubectl /usr/local/bin/kubectl

RUN (curl -Ls https://cli.doppler.com/install.sh || wget -qO- https://cli.doppler.com/install.sh) | sh
RUN doppler --version

[FEATURE] Allow baseConfigDir to be configurable

Is your feature request related to a problem? Please describe.

I'm trying to run doppler run in a docker container with USER nobody. However this fails with message Doppler Error: mkdir /nonexistent/.doppler: no such file or directory. This is due to baseConfigDir = utils.HomeDir() in config.go calling out to os.UserHomeDir() which for nobody is /nonexistent (which is not writable).

Describe the solution you'd like

A flag that lets me specify what baseConfigDir should be.

Describe alternatives you've considered

My options right now are to not use nobody, or to manually set $HOME so os.UserHomeDir() returns something I've prepared to be writable (this feels hacky).

Additional context

N/A

Test 2

Describe the bug
A clear and concise description of what the bug is.

To Reproduce
Steps to reproduce the behavior:

Go to '...'
Click on '....'
See error

Expected behavior
A clear and concise description of what you expected to happen.

Screenshots
If applicable, add screenshots to help explain your problem.

Desktop (please complete the following information):

OS: [e.g. macOS]
Version [e.g. 10.15.1]

CLI Version:
Version [e.g. 1.0.0]

Additional context
Add any other context about the problem here.

ArchLinux AUR Package

Was evaulating Doppler but it ended up being not quite what I was looking for.

Somehow ended up packaging the Doppler CLI as an ArchLinux AUR package along the way.

Leaving the PKGBUILD here in case it is helpful to someone else. Feel free to adopt it officially.

Only tested on x86_64.

Good luck with your product!

# Maintainer:
pkgname=doppler
pkgver=3.23.1
pkgrel=1
epoch=
pkgdesc="CLI for Doppler, a universal secrets manager"
arch=(
  "x86_64"
  "i686"
  "armv6h"
  "armv7h"
  "aarch64"
)
url="https://www.doppler.com/"
license=('Apache')
groups=()
depends=()
makedepends=()
checkdepends=()
optdepends=()
provides=()
conflicts=()
replaces=()
backup=()
options=()
install=
changelog=

source_x86_64=(
  "https://github.com/DopplerHQ/cli/releases/download/3.23.1/doppler_${pkgver}_linux_amd64.tar.gz"
  "https://github.com/DopplerHQ/cli/releases/download/3.23.1/doppler_${pkgver}_linux_amd64.tar.gz.sig"
)
sha256sums_x86_64=(
  "eff87d120fbbfc4c2d6ed1496b78b5cbca1bbd6979de9251ec40501942d3637c"
  "SKIP"
)

source_i686=(
  "https://github.com/DopplerHQ/cli/releases/download/3.23.1/doppler_${pkgver}_linux_i386.tar.gz"
  "https://github.com/DopplerHQ/cli/releases/download/3.23.1/doppler_${pkgver}_linux_i386.tar.gz.sig"
)
sha256sums_i686=(
  "94e0c527c9c08ae1690527c13abb14c898aaa034fb37d30399b4b5edbfa72a98 "
  "SKIP"
)

source_armv6h=(
  "https://github.com/DopplerHQ/cli/releases/download/3.23.1/doppler_${pkgver}_linux_armv6.tar.gz"
  "https://github.com/DopplerHQ/cli/releases/download/3.23.1/doppler_${pkgver}_linux_armv6.tar.gz.sig"
)
sha256sums_armv6h=(
  "6e78e7490498233f1980365c865811f0bfd1c497d98924dd99f0ddc50834d344 "
  "SKIP"
)

source_armv7h=(
  "https://github.com/DopplerHQ/cli/releases/download/3.23.1/doppler_${pkgver}_linux_armv7.tar.gz"
  "https://github.com/DopplerHQ/cli/releases/download/3.23.1/doppler_${pkgver}_linux_armv.tar.gz.sig"
)
sha256sums_armv7h=(
  "20d61edfe9e3c1843ed9436c1b460b85f329520dde08c829a83a931009a752c6 "
  "SKIP"
)

source_aarch64=(
  "https://github.com/DopplerHQ/cli/releases/download/3.23.1/doppler_${pkgver}_linux_arm64.tar.gz"
  "https://github.com/DopplerHQ/cli/releases/download/3.23.1/doppler_${pkgver}_linux_arm64.tar.gz.sig"
)
sha256sums_aarch64=(
  "cce7037fedac37a57b3ba378228eee68d07fd1eed6f8542f8919678067c7478d "
  "SKIP"
)

noextract=()
validpgpkeys=(
  "B70BD7FCA460C4A3D0EEB965D3D593D50EE79DEC"
)

package() {
  mkdir -p "${pkgdir}/usr/bin"

  cd "${srcdir}"
  install -m755 -t "${pkgdir}/usr/bin/" doppler
}

[FEATURE] Special Handling for KUBECONFIG

Is your feature request related to a problem? Please describe.

kubectl can only be configured by setting KUBECONFIG to a file path and having the file contain the configuration.

Describe the solution you'd like

When KUBECONFIG exists within a config and we use doppler run, the contents should be mounted and KUBECONFIG env should point to the mounted location

Describe alternatives you've considered

Nothing is really good, we need to write the file to a location ourselves - but Doppler can already do some nice mounting stuff

Additional context

N/A

Testing

Describe the bug
A clear and concise description of what the bug is.

To Reproduce
Steps to reproduce the behavior. Please include output from running the command with --debug.

Go to '...'
Click on '....'
See error

Expected behavior
A clear and concise description of what you expected to happen.

Screenshots
If applicable, add screenshots to help explain your problem.

Desktop (please complete the following information):

OS: [e.g. macOS]
Version [e.g. 10.15.1]

CLI Version:
Version [e.g. 1.0.0]

Additional context
Add any other context about the problem here.

[BUG] Unexpected 404 in CLI install script

Last test.

[QUESTION] Will the v1 api continue to be supported?

Hello, this is not an issue just a question.

It is clear that the legacy doppler cli's are EOL based on: https://doppler.com/changes/all-clients-are-end-of-life

I am curious if there are plans to EOL the v1 api as well? My fear is that since the "token" section of the website is listed under the "legacy" tab that this is the case.

My employer is currently using doppler as the source of truth for our secrets. Based on some reasons those secrets were fetched from doppler in ci/cd and inserted directly into ecs task-definitions and lambda config envs. I am working on removing those values from the config and moving to a system where we fetch the values directly from doppler in the application runtime. It seems that the "doppler" way is to execute my program as a command line arg to the doppler cli, which will inject the secrets as environment variables. I am not particularly impressed with that design decision for a number of reasons like: unnecessary added complexity, uncertain usage with lambda, inability to modify secrets without an application deploy, ... etc. I would much prefer to fetch the secrets as needed and I was very happy to discover the v1 api. BUT before I go any further down that path I wanted to get some clarity on the doppler roadmap just in case there are any plans for removing the public api altogether.

Thank you for your response

[BUG] the info message printed with fallback should be sent to stderr, not stdout

Describe the bug
I was trying to do

myvar="$(doppler run --fallback-only -- some command here)"

...expecting to just get the output of some command here, however the output Reading secrets from fallback file is also part of the value of myvar

To Reproduce

Expected behavior
Only after experiencing this error did I discover the --silent flag which works to eliminate this message. I think it's pretty standard for such messages to go directly to stderr instead of stdout. What do you think?

Screenshots

Desktop (please complete the following information):

OS: alpine
Version latest

CLI Version:
Version 3.34.1

Additional context

[DOCKER]

Base Image with Version
[e.g. node:lts]

Docker Hub Link
[e.g. https://hub.docker.com/_/node]

The changes work well for me :+1:

The changes work well for me 👍

I confirmed that all three preference values work well, with different nested structures. Git operations on the nodes also work well and are properly handled by all three preference values.

Originally posted by @vince-fugnitto in eclipse-theia/theia#11256 (review)

[BUG] `dopper update` fails on Arch Linux

Here's the result of doppler update --debug, running on Arch Linux:

➜ doppler update --debug
Debug: Using config file /home/leo/.doppler/.doppler.yaml
Debug: Reading config file
Debug: Checking for latest version of the CLI
Debug: Performing HTTP GET to https://api.github.com/repos/DopplerHQ/cli/releases/latest
An update is available.
? Install Doppler CLI v3.23.1 Yes
Updating...
Debug: Performing HTTP GET to https://cli.doppler.com/install.sh
Debug: Writing to temp file /home/leo/.install.sh.024855874
Debug: Executing install script
Debug: Executing "/home/leo/.install.sh.024855874 --debug"
DEBUG: Detected OS 'linux'
DEBUG: Detected architecture 'amd64'
DEBUG: Detected format 'rpm'
DEBUG: Checking for gpg binary
DEBUG: Using temp directory /home/leo/.tmp.phAvVJhH
Downloading latest release
DEBUG: Using /usr/bin/curl for requests
DEBUG: Downloading binary from https://cli.doppler.com/download?os=linux&arch=amd64&format=rpm
DEBUG: Download binary signature from https://cli.doppler.com/download/signature?os=linux&arch=amd64&format=rpm
DEBUG: Download public key from https://cli.doppler.com/keys/public
DEBUG: Downloaded CLI v3.23.1
DEBUG: Verifying GPG signature
DEBUG: Signature successfully verified!
Installing...
error: cannot open Packages database in /var/lib/rpm
error: cannot open Packages database in /var/lib/rpm
ERROR: script failed during execution
DEBUG: Removing temp directory

Unable to install the latest Doppler CLI
Doppler Error: exit status 1

My guess is that the problems arise from the following snippets in install.sh:

Package manager detection:

cli/scripts/install.sh

Lines 144 to 150 in ef7601f

    
           if [ "$USE_PACKAGE_MANAGER" -eq 1 ]; then 
        
             if [ -x "$(command -v dpkg)" ]; then 
        
               format="deb" 
        
             elif [ -x "$(command -v rpm)" ]; then 
        
               format="rpm" 
        
             fi 
        
           fi

RPM installation:

cli/scripts/install.sh

Lines 274 to 286 in ef7601f

    
           elif [ "$format" = "rpm" ]; then 
        
             mv -f "$filename" "$filename.rpm" 
        
             filename="$filename.rpm" 
        
             if [ "$INSTALL" -eq 1 ]; then 
        
               echo 'Installing...' 
        
               rpm -i --force "$filename" 
        
               echo "Installed Doppler CLI $(doppler -v)" 
        
             else 
        
               log_debug "Moving installer to $(pwd) (cwd)" 
        
               mv -f "$filename" . 
        
               echo "Doppler CLI installer saved to ./$file.rpm" 
        
             fi

There are two problems here:

Even though I have rpm installed, that's actually not my primary package manager. My primary package manager is pacman. I have rpm installed for development purposes (I totally get that this is an edge case for users).
Even if rpm were my primary package manager, rpm -i requires sudo, so this was always doomed to fail.

My recommendation is to always try to install into /usr/local/bin (or in the location of an existing which doppler), and not bother trying to interact with package managers. On developer workstations, I expect you'll frequently run into the "package manager requires sudo" problem, and in CI or other automated environments (where the user may actually be running as root), your users probably don't want to be automatically downloading and executing an arbitrary update anyway.

(As another note, I also manage an open source CLI repository. I've found it very useful to add directions into the bug reporting template to provide the --debug output. You might want to do the same.)

[BUG] Unsupported architecture

Doppler cli is not available on mips architecture (exact device Onion Omega2Pro, operating system OpenWRT)

Test issue

Describe the bug
A clear and concise description of what the bug is.

To Reproduce
Steps to reproduce the behavior:

Go to '...'
Click on '....'
See error

Expected behavior
A clear and concise description of what you expected to happen.

Screenshots
If applicable, add screenshots to help explain your problem.

Desktop (please complete the following information):

OS: [e.g. macOS]
Version [e.g. 10.15.1]

CLI Version:
Version [e.g. 1.0.0]

Additional context
Add any other context about the problem here.

[FEATURE] Support kubernetes secrets as a fallback

I implemented a basic version of using kubernetes secrets as a fallback method here: stephenlacy@56e6cd1

Usage in a docker container:

ENTRYPOINT doppler run --kubernetes-secrets-fallback --kubernetes-namespace app -- "/app/bin/$PACKAGE"

The main premise is on a kubernetes cluster the pods are auto-scaling, as such they can and will restart at any time. If for any reason doppler services are unavailable then 100% of the restarting pods will fail and will cause a crash loop.

Not sure if there are plans of supporting fallbacks as modules, if so having an AWS KMS and kubernetes secret fallback would be interesting.

[FEATURE] Make doppler run play nicely with systemd

Is your feature request related to a problem? Please describe.

See the PHP on NGINX with Doppler and Systemd guide for context.

When using doppler run to spawn the php-fpm process, it hangs and requires a SIGINT.

Upon getting the status of the Systemd php-fpm service, it outputs the following, where 12951 is the php-fpm process and 12931 is doppler.

Oct 27 01:54:26 ip-10-0-0-163 systemd[1]: Starting The PHP 7.4 FastCGI Process Manager...
Oct 27 01:54:26 ip-10-0-0-163 systemd[1]: php7.4-fpm.service: Got notification message from PID 12951, but reception only permitted for main PID 12931
Oct 27 01:54:36 ip-10-0-0-163 systemd[1]: php7.4-fpm.service: Got notification message from PID 12951, but reception only permitted for main PID 12931

This isn't a huge deal when manually configuring things, but is a blocker for automated solutions such as an Ansible playbook.

Describe alternatives you've considered
There might be another way to fix this but I'm not sure.

Additional context
Add any other context or screenshots about the feature request here.

[FEATURE] Signed git tags or standalone signature for GitHub source tarballs

Is your feature request related to a problem? Please describe.

Hi, I maintain your project on Arch Linux's AUR. Before I start, I'd like to say thank you for signing all of your artifacts with a GPG key. I don't see this as often as I should.

That being said, the only thing missing are signed tags or, at the very least, a source tarball signature file.

Describe the solution you'd like

I'd like to see one or the other items above implemented. To elaborate a bit on the source signature file, GitHub automatically makes source tarballs available for download for each tag. Ideally I'd like to be able to download a signature file for this tarball so that I as a package maintainer can have both checksums and a signature to check against without needing to download the entire git repo.

Doppler 3.23.3 on Windows 10 AMD is incorrect build type

When installing the 3.23.4 via Scoop on Windows, the doppler.exe executable is unable to run

I've been able to reproduce this on Windows 10 by using the Scoop commands in our docs.

As a test, I downloaded the AMD zip from the 3.23.3 release and replaced the doppler.exe in C:\Users\rb\scoop\apps\doppler\current folder which I was able to run without error.

[BUG/FEATURE] Add support for OSTree based environments

Describe the bug
Doppler CLI does not install due to it installing files into a path classified as a system directory in OSTree based OSes. See: coreos/rpm-ostree#233
This is caused by installing persistent files into the /usr/local/ directory, which is classified as a system directory, and therefore not writable on OSTree based OSes.

To Reproduce
Steps to reproduce the behavior. Please include output from running the command with --debug.

Add the Doppler Repo to any OSTree based OS, such as Fedora CoreOS.
Attempt to install Doppler with rpm-ostree

Expected behavior
Doppler should install properly without triggering the bug/unsupported behavior as described in coreos/rpm-ostree#233

Screenshots

Desktop (please complete the following information):

Guest OS: Fedora CoreOS
Version: 36.20220820.3.0
Host OS: Proxmox
Version: 7.2-7

CLI Version:
Version: ALL
(As this is an issue with installing it, I would assume that this would effect most versions, but I am currently installing the most recent version for Fedora/RHEL/CentOS)

Additional context

how could I use doppler in fly.io? nodejs

I'm tring to use doppler to delpy with fiy.io
but deploy always got failed.

my dockerfile

FROM debian:bullseye as builder

ARG NODE_VERSION=16.17.0

RUN apt-get update; apt install -y curl
RUN curl https://get.volta.sh | bash
ENV VOLTA_HOME /root/.volta
ENV PATH /root/.volta/bin:$PATH
RUN volta install node@${NODE_VERSION}

#######################################################################
# Install Doppler CLI
RUN apt-get update && apt-get install -y apt-transport-https ca-certificates curl gnupg && \
    curl -sLf --retry 3 --tlsv1.2 --proto "=https" 'https://packages.doppler.com/public/cli/gpg.DE2A7741A397C129.key' | apt-key add - && \
    echo "deb https://packages.doppler.com/public/cli/deb/debian any-version main" | tee /etc/apt/sources.list.d/doppler-cli.list && \
    apt-get update && \
    apt-get -y install doppler

##############

RUN mkdir /app
WORKDIR /app

ENV NODE_ENV production

COPY . .

RUN npm install
FROM debian:bullseye

LABEL fly_launch_runtime="nodejs"

COPY --from=builder /root/.volta /root/.volta
COPY --from=builder /app /app

WORKDIR /app
ENV NODE_ENV production
ENV PATH /root/.volta/bin:$PATH

CMD ["doppler", "run", "--", "npm", "start"]

log

2022-11-12T10:45:01.631 runner[6e9e9d5e] hkg [info] Starting instance

2022-11-12T10:45:03.293 runner[6e9e9d5e] hkg [info] Configuring virtual machine

2022-11-12T10:45:03.294 runner[6e9e9d5e] hkg [info] Pulling container image

2022-11-12T10:45:04.111 runner[6e9e9d5e] hkg [info] Unpacking image

2022-11-12T10:45:04.123 runner[6e9e9d5e] hkg [info] Preparing kernel init

2022-11-12T10:45:04.565 runner[6e9e9d5e] hkg [info] Configuring firecracker

2022-11-12T10:45:05.019 runner[6e9e9d5e] hkg [info] Starting virtual machine

2022-11-12T10:45:05.322 app[6e9e9d5e] hkg [info] Starting init (commit: 81d5330)...

2022-11-12T10:45:05.351 app[6e9e9d5e] hkg [info] Preparing to run: `doppler run -- npm start` as root

2022-11-12T10:45:05.366 app[6e9e9d5e] hkg [info] Error: UnhandledIoError(Os { code: 2, kind: NotFound, message: "No such file or directory" })

2022-11-12T10:45:05.368 app[6e9e9d5e] hkg [info] [ 0.131782] Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000100

2022-11-12T10:45:05.369 app[6e9e9d5e] hkg [info] [ 0.133609] CPU: 0 PID: 1 Comm: init Not tainted 5.12.2 #1

2022-11-12T10:45:05.369 app[6e9e9d5e] hkg [info] [ 0.134903] Call Trace:

2022-11-12T10:45:05.370 app[6e9e9d5e] hkg [info] [ 0.135485] show_stack+0x52/0x58

2022-11-12T10:45:05.371 app[6e9e9d5e] hkg [info] [ 0.136356] dump_stack+0x6b/0x86

2022-11-12T10:45:05.372 app[6e9e9d5e] hkg [info] [ 0.137102] panic+0xfb/0x2bc

2022-11-12T10:45:05.373 app[6e9e9d5e] hkg [info] [ 0.137763] do_exit.cold+0x60/0xb0

2022-11-12T10:45:05.374 app[6e9e9d5e] hkg [info] [ 0.138627] do_group_exit+0x3b/0xb0

2022-11-12T10:45:05.374 app[6e9e9d5e] hkg [info] [ 0.139553] __x64_sys_exit_group+0x18/0x20

2022-11-12T10:45:05.375 app[6e9e9d5e] hkg [info] [ 0.140552] do_syscall_64+0x38/0x50

2022-11-12T10:45:05.375 app[6e9e9d5e] hkg [info] [ 0.140552] entry_SYSCALL_64_after_hwframe+0x44/0xae

2022-11-12T10:45:05.375 app[6e9e9d5e] hkg [info] [ 0.141022] RIP: 0033:0x7fdda03da8b9

2022-11-12T10:45:05.377 app[6e9e9d5e] hkg [info] [ 0.141440] Code: eb ef 48 8b 76 28 e9 a5 03 00 00 64 48 8b 04 25 00 00 00 00 48 8b b0 b0 00 00 00 e9 af ff ff ff 48 63 ff b8 e7 00 00 00 0f 05 <ba> 3c 00 00 00 48 89 d0 0f 05 eb f9 66 2e 0f 1f 84 00 00 00 00 00

2022-11-12T10:45:05.378 app[6e9e9d5e] hkg [info] [ 0.143302] RSP: 002b:00007fffd3585378 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7

2022-11-12T10:45:05.379 app[6e9e9d5e] hkg [info] [ 0.144102] RAX: ffffffffffffffda RBX: 00007fdda016a8e0 RCX: 00007fdda03da8b9

2022-11-12T10:45:05.381 app[6e9e9d5e] hkg [info] [ 0.145240] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001

2022-11-12T10:45:05.382 app[6e9e9d5e] hkg [info] [ 0.146753] RBP: 0000000000000001 R08: 00007fdda04b1ba0 R09: 0000000000000000

2022-11-12T10:45:05.382 app[6e9e9d5e] hkg [info] [ 0.147587] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fffd35853d8

2022-11-12T10:45:05.384 app[6e9e9d5e] hkg [info] [ 0.149293] Kernel Offset: disabled : 0000000000000000 R15: 0000000000000000

2022-11-12T10:45:05.384 app[6e9e9d5e] hkg [info] [ 0.149293] Kernel Offset: disabled

2022-11-12T10:45:05.385 app[6e9e9d5e] hkg [info] [ 0.149737] Rebooting in 1 seconds..

does anyone know the cause of the problem ?

[FEATURE] Protip: Add `secret-management ` to your list of tags on the repo

This just means you guys appear in this list: https://github.com/topics/secret-management. Good for SEO

Also Github has discussions built in. Please enable it so that non-issues like this can be posted there instead of here

[BUG] Security vulnerabilities

Describe the bug
I am switching to using a hardened Docker image for Ubuntu provided by Canonical to get rid of all the CVEs.
My image is now free of vulnerabilities apart from the two brought by doppler and detected by trivy.

To Reproduce

$ trivy --version
Version: 0.18.3
Vulnerability DB:
  Type: Light
  Version: 1
  UpdatedAt: 2021-06-22 00:05:00.051809127 +0000 UTC
  NextUpdate: 2021-06-22 06:05:00.051808727 +0000 UTC
  DownloadedAt: 2021-06-22 10:08:26.510496673 +0000 UTC
$ trivy image <IMAGE_NAME>
2021-06-22T12:14:55.914+0200	INFO	Detected OS: ubuntu
2021-06-22T12:14:55.914+0200	WARN	This OS version is not on the EOL list: ubuntu 21.10
2021-06-22T12:14:55.914+0200	INFO	Detecting Ubuntu vulnerabilities...
2021-06-22T12:14:55.915+0200	INFO	Number of PL dependency files: 3
2021-06-22T12:14:55.915+0200	INFO	Detecting jar vulnerabilities...
2021-06-22T12:14:55.915+0200	INFO	Detecting gobinary vulnerabilities...
2021-06-22T12:14:55.915+0200	WARN	This OS version is no longer supported by the distribution: ubuntu 21.10
2021-06-22T12:14:55.915+0200	WARN	The vulnerability detection may be insufficient because security updates are not provided

<IMAGE_NAME>:latest (ubuntu 21.10)
===================================================================
Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)


usr/bin/doppler
===============
Total: 2 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 2, CRITICAL: 0)

+---------------------+------------------+----------+------------------------------------+------------------------------------+---------------------------------------+
|       LIBRARY       | VULNERABILITY ID | SEVERITY |         INSTALLED VERSION          |           FIXED VERSION            |                 TITLE                 |
+---------------------+------------------+----------+------------------------------------+------------------------------------+---------------------------------------+
| golang.org/x/crypto | CVE-2020-29652   | HIGH     | v0.0.0-20190530122614-20be4c3c3ed5 | v0.0.0-20201216223049-8b5274cf687f | golang: crypto/ssh: crafted           |
|                     |                  |          |                                    |                                    | authentication request can            |
|                     |                  |          |                                    |                                    | lead to nil pointer dereference       |
|                     |                  |          |                                    |                                    | -->avd.aquasec.com/nvd/cve-2020-29652 |
+                     +------------------+          +                                    +------------------------------------+---------------------------------------+
|                     | CVE-2020-9283    |          |                                    | v0.0.0-20200220183623-bac4c82f6975 | golang.org/x/crypto: Processing       |
|                     |                  |          |                                    |                                    | of crafted ssh-ed25519                |
|                     |                  |          |                                    |                                    | public keys allows for panic          |
|                     |                  |          |                                    |                                    | -->avd.aquasec.com/nvd/cve-2020-9283  |
+---------------------+------------------+----------+------------------------------------+------------------------------------+---------------------------------------+

Expected behavior
No vulnerabilities shown.

Install on Windows with Bash

None of our engineers use scoop or powershell. Every engineer I know uses git bash for windows

Describe the solution you'd like
Instructions for installing the CLI on Windows using bash.

Describe alternatives you've considered
A normal program installer like most tools on windows.

[BUG] Unexpected 404 using CLI install script

Describe the bug
We're attempting to download the CLI to use within CI.

To Reproduce

#!/bin/bash -eo pipefail
(curl -Ls https://cli.doppler.com/install.sh || wget -qO- https://cli.doppler.com/install.sh) | sh -s -- --no-install --no-package-manager

Expected behavior
It installs successfully.

Screenshots

Desktop (please complete the following information):

Docker Image: cimg/ruby:2.7.6-browsers

CLI Version:
Latest

Additional context
This is occurring on many of our CircleCI jobs, preventing us from merging in critical changes.

[BUG] Doppler CLI fails to install on debian, started today 3/22

Describe the bug
Installing doppler CLI on debian is failing, starting new as today 3/22

To Reproduce
Steps to reproduce the behavior. Please include output from running the command with --debug.

Follow instructions in https://docs.doppler.com/docs/install-cli to install the CLI for debian
Eventually, the "apt-get -y install doppler" command fails. Here are logs from our CI system:

Step 9/12 : RUN apt-get update && apt-get install -y apt-transport-https ca-certificates curl gnupg &&     curl -sLf --retry 3 --tlsv1.2 --proto "=https" 'https://packages.doppler.com/public/cli/gpg.DE2A7741A397C129.key' | apt-key add - &&     echo "deb https://packages.doppler.com/public/cli/deb/debian any-version main" | tee /etc/apt/sources.list.d/doppler-cli.list &&     apt-get update &&     apt-get -y install doppler
 ---> Running in 45aae5601cf5
....
Setting up apt-transport-https (2.2.4) ...
Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
OK
deb https://packages.doppler.com/public/cli/deb/debian any-version main
Hit:1 http://deb.debian.org/debian bullseye InRelease
Hit:2 http://deb.debian.org/debian bullseye-updates InRelease
Hit:3 http://security.debian.org/debian-security bullseye-security InRelease
Ign:4 https://packages.doppler.com/public/cli/deb/debian any-version InRelease
Err:5 https://packages.doppler.com/public/cli/deb/debian any-version Release
  404  Not Found [IP: 108.138.64.64 443]
Reading package lists...
E: The repository 'https://packages.doppler.com/public/cli/deb/debian any-version Release' does not have a Release file.

Expected behavior
Doppler CLI should install successfully

Desktop (please complete the following information):

OS: Debian
Version 11 (bullseye)

Improvement to centos installation

This command:

sudo curl -sLf --retry 3 --tlsv1.2 --proto "=https" 'https://packages.doppler.com/public/cli/config.rpm.txt' > /etc/yum.repos.d/doppler-cli.repo

Doesn't work with sudo. Change it to something like

curl -sLf --retry 3 --tlsv1.2 --proto "=https" 'https://packages.doppler.com/public/cli/config.rpm.txt' | sudo tee /etc/yum.repos.d/doppler-cli.repo

doppler run no longer overrides local environment variables

Describe the bug

If you have an environment variable that matches a Doppler variable, using doppler run will choose the environment variable,
not the Doppler one, even if you don't use the --preserve-env flag.

This is a regression introduced in 3.39.0

To Reproduce

Set an environment variable locally that has the same name as one in Doppler.
Use doppler run node and then log the environment variable
It will log the value from your local environment

Expected behavior

It should log the value from Doppler.

CLI Version:
3.39.0

[FEATURE] CLI autocomplete for inline --project + --config

Describe the solution you'd like

CLI autocompletion for --projects and --configs, useful when maintaining and working with multiple projects in a single workspace. Here's some examples :

# project : inline
> doppler secrets --project <TAB>
project-one
project-two
project-three

# project : inline / config : inline
> doppler secrets --project project-two --config <TAB>
dev
stg
prd

# project : .doppler.yaml
> doppler secrets --project project-two --config <TAB>
dev
stg
prd

Describe alternatives you've considered

Using doppler setup everytime, but it's quite inconvenient. Meanwhile, the same function may be used I guess since it shows exactly what's expected ✌🏽

[BUG] syntax error in /etc/bash_completion.d/doppler

Describe the bug
After installing doppler using (curl -Ls --tlsv1.2 --proto "=https" --retry 3 https://cli.doppler.com/install.sh || wget -t 3 -qO- https://cli.doppler.com/install.sh) | sudo sh

I'm getting the following error

source ~/.bash_profile
sh: /etc/bash_completion.d/doppler: line 129: syntax error near unexpected token `<'
sh: /etc/bash_completion.d/doppler: line 129: `        done < <(compgen -W "${out}" -- "$cur")'

To Reproduce

Install doppler cli
source ~/.bash_profile
See error

Expected behavior
No syntax error

Desktop (please complete the following information):

VERSION="2"
ID="amzn"
ID_LIKE="centos rhel fedora"
VERSION_ID="2"
PRETTY_NAME="Amazon Linux 2"
ANSI_COLOR="0;33"
CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2"
HOME_URL="https://amazonlinux.com/"

CLI Version:
v3.54.0

Distribute CLI via winget for Windows

winget is the first party package manager from Microsoft that's included by default in Windows 11 and newer versions of Windows 10: https://docs.microsoft.com/en-us/windows/package-manager/winget/

Instructions for distributing a package through winget are also fairly straightforward and low effort: https://docs.microsoft.com/en-us/windows/package-manager/package/

Doing this would remove the need for Windows users to install Scoop first before they can install Doppler and would bring the Windows installation instructions down to essentially "please run winget install DopplerHQ.doppler-cli" or similar.

[BUG] Installing the Doppler CLI inside a docker image sometimes fails with a 500 error

Describe the bug
We have a number of Docker images that install the Doppler CLI as part of the image. Since Friday April 16th the image builds have started failing occasionally with the message "ERROR: Download failed with status 500". (To be clear, this is not consistent behavior, sometimes the images builds do succeed.)

To Reproduce
Steps to reproduce the behavior. Please include output from running the command with --debug.

Make a Dockerfile with this content:

FROM mcr.microsoft.com/dotnet/runtime-deps:5.0-alpine AS base
RUN apk --no-cache add curl icu-libs

ENV DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=false

# Install doppler CLI
RUN (curl -Ls https://cli.doppler.com/install.sh || wget -qO- https://cli.doppler.com/install.sh) | sh

# ... remaining file omitted

Build the image on Azure Devops using the ubuntu-latest vm pool

Expected behavior
The image should build successfully.

Desktop (please complete the following information):

OS: Ubuntu
Version 20.04.2

CLI Version:
Latest

Additional context

[BUG] Unsupported architecture - Apple Silicon

Describe the bug
I am trying to run the Doppler CLI install script in a docker container from PHP:7.4-fpm-alpine, but whenever I get to that steps it fails.

To Reproduce
Steps to reproduce the behavior:

FROM PHP:7.4-fpm
RUN (curl -Ls https://cli.doppler.com/install.sh || wget -qO- https://cli.doppler.com/install.sh) | sh
See ERROR: Unsupported architecture 'aarch64'

Expected behavior
I expect the script to install doppler in the container

Screenshots

Desktop (please complete the following information):

OS: mac OSX - running M1
Version 11.1

[FEATURE]: Specify project template secret variables as empty, but required and prompt for optional value

In order to use doppler init for setting up open source projects that require secret values upon initialization, e.g. Postgres, a handy workflow would be to prompt the user for the value for a secret if it's empty, but required, e.g. database password.

The user doesn't necessarily have to enter a value. They should be able to hit Enter and continue.

I think it would be awesome to make a flow like this possible:

# Set up PostgreSQL project and secrets
doppler init https://github.com/DopplerHQ/open-source-templates/blob/master/postgres.yaml

# Launch PostgreSQL container
docker run --rm -p 5432:5432 --env-file <(doppler secrets download --project postgres --config dev --no-file --format docker) postgres

[BUG] VS Code command window sluggish after terminate

Describe the bug
When terminating a session in VS Code that's been called with doppler run, the terminal window is sluggish and unresponsive. Have to close it and re-open a new terminal. Is there a reason/fix for this?

To Reproduce
Steps to reproduce the behavior. Please include output from running the command with --debug.
[Windows User]
Open VS Code.
Launch your app with doppler run... Example: doppler run --command="start-server"
Terminate the app.
Try to type in the Terminal window of VS Code. Doesn't work too well. Have to hit the delete button and Ctrl + ` to re-open a new window.

[FEATURE] doppler run --secret-names

Is your feature request related to a problem? Please describe.
Let's say I have a project / config containing 10 secrets, but I want just 2 of them in my doppler run - call, the command will receive all 10 secrets. But sometimes I don't want to give the command all my secrets.

Describe the solution you'd like
The solution might be an additional switch / filter e.g. --secret-names where I can provide a list (1-n) secret names which should be injected into the doppler run - call.

Describe alternatives you've considered

Nothing to say here

Additional context

Nothing to say here

[FEATURE] Helm CRD operator for ease k8s installation

Is there any CRD available already which we can use just like vault operator?

[BUG] Unexpected 404 using CLI install script

Describe the bug
Install script gets 404 - not found

To Reproduce
(curl -Ls --tlsv1.2 --proto "=https" --retry 3 https://cli.doppler.com/install.sh || wget -t 3 -qO- https://cli.doppler.com/install.sh) | sh

Expected behavior
Not sure - a doppler binary installation and ?

Screenshots
N/A

Desktop (please complete the following information):
Darwin 20.6.0 Darwin Kernel Version 20.6.0: Wed Nov 10 22:23:07 PST 2021; root:xnu-7195.141.14~1/RELEASE_X86_64 x86_64

CLI Version:
N/A

Additional context
N/A.

[BUG] Cannot login

Describe the bug
When I run doppler login I hit errors on a brand new Mac M1.

To Reproduce
Steps to reproduce the behavior. Please include output from running the command with --debug.

Install using brew
Run doppler login --debug
A browser window opens but an error returns almost immediately (i.e. it doesn't wait long at all)

Debug: Using config dir /Users/******/.doppler
Debug: Using config file /Users/******/.doppler/.doppler.yaml
Debug: Reading config file
Debug: Performing HTTP GET to https://api.doppler.com/v3/auth/cli/generate/2?arch=arm64&hostname=******&os=macOS&version=v3.53.0
Debug: Sending anonymous analytics payload: '{"command":"doppler.login"}'
Debug: Performing HTTP POST to https://cli.doppler.com/v1/analytics
Debug: Post "https://cli.doppler.com/v1/analytics": EOF
Doppler Error: Post "https://cli.doppler.com/v1/analytics": EOF
Debug: Request ID ******
? Open the authorization page in your browser? Yes
Complete authorization at https://dashboard.doppler.com/workplace/auth/cli
Your auth code is:
******

Waiting...
Debug: Performing HTTP POST to https://api.doppler.com/v3/auth/cli/authorize
Debug: Post "https://api.doppler.com/v3/auth/cli/authorize": EOF
Unable to fetch auth token
Doppler Error: Post "https://api.doppler.com/v3/auth/cli/authorize": EOF

The same error occurs with ? Open the authorization page in your browser? (Y/n) = n

Expected behavior
I should be able to login

Screenshots
If applicable, add screenshots to help explain your problem.

Desktop (please complete the following information):

OS: macOS
Version 12.4

CLI Version:
Version: v3.53.0

Additional context
Add any other context about the problem here.

[FEATURE] Hide secrets from logs when running command with `doppler run --hide-secrets `

Is your feature request related to a problem? Please describe.
When using doppler on Github Actions with a command like doppler run -- printenv your secrets will be leaked in the Github actions logs

Usually Github Actions replaces Github Actions secrets with **** in the logs, but if you use doppler you won't have this feature

This is also useful if you are streaming on Twitch and want to show your terminal logs safely

Describe the solution you'd like
When running doppler run --hide-secrets replace all doppler secrets instances with **** characters

Describe alternatives you've considered

Additional context
It would also be useful to add the option --show SECRET_NAME to allow some secrets to be shown, useful if you are storing non sensitive data in doppler and want to show them in logs

[FEATURE] Multiple project and config access at once through a single token or command line

Is your feature request related to a problem? Please describe.

Today, AKAIK there's no easy way to run Doppler's CLI in a monorepo with multiple services divided into multiple Doppler projects, e.g. doppler run -- docker-compose up -d ...

https://docs.doppler.com/docs/install-cli#project-setup
https://docs.doppler.com/docs/docker-compose (useful, great doc, but still a bit hacky IMO)
- https://docs.doppler.com/docs/docker-compose#option-1-dockerfile
  - Seems to be the only way to inject secrets from different Doppler project but it means : changing all the existing Dockerfile (e.g. to add a "doppler setup" stage)
- https://docs.doppler.com/docs/docker-compose#option-2-container-env-vars (great doc! But..)
  - Doesn't seems to support injection from multiple tokens/projects 🤔
https://community.doppler.com/t/docker-compose-monorepo-usage/667/2
https://community.doppler.com/t/monorepo-access-token-setup-tedious/599

Imagine a monorepo with three services (pretty common) controlled by docker-compose :

frontend
backend
database

I have a Doppler project for each of the above services (best practice?) and I can't easily find a way without refactoring the code (e.g. Dockerfile) to inject my secrets within when running docker-compose

Describe the solution you'd like

Doppler monorepo best practices support/documentation

Describe alternatives you've considered

Maybe adaptation of the API/CLI (I presume, to generate tokens bound to multiple projects) and corresponding dashboard/CLI option to generate access token to multiple projects, bound to a single config (otherwise it won't make sense 🙃 )
Or just a feature in the CLI that could loop through a list of projects/configs (structure defined below) and inject all of those secrets at once when running doppler run -- <command>

For the token structure, the token xxxx-xxxxxxxxxxxxxxx-xxxxxxx points to three different Doppler projects (<project-name>:<config>) :

project-one:dev
project-three:dev
project-four:prd

When requesting the secrets with this token, I'd like to get all the secrets of the above projects (from their respective configs), making it mono-repo friendly by allowing the user to easily inject multiple Doppler projects secrets into a single app (made of multiple services)

⚠️ There might be a conflict between same env names, in that case we could either warn the user and block the token creation until he fixes the name duplications or overwrite the value with the latest variable of the same name

For the CLI, here's two suggestions :

Interactive setup

# Allow multiple project selection (e.g. spacebar)
$ doppler setup
"Space to select, Enter to confirm"
> project-one
  project-two
  project-three
> project-four

# Press <ENTER>

# Select a single config per project
$ doppler setup
"Space to select, Enter to confirm"

"Select config for : project-one"
> dev
  stg
  prd
"Select config for : project-four"
  dev
> stg
  prd

And the doppler.yaml repository setup file could look like the following :

setup:
    project: project-global
    config: dev
    projects:
        - project: project-api
          config: dev
          path: ./api
        - project: project-backend
          config: dev
          path: ./backend
        - project: project-frontend
          config: stg
          path: ./frontend

Then, running doppler setup --no-interactive would auto-generate the following entries in ~/.doppler/.dopler.yaml :

scoped:
    /home/user/doppler-demo:
        token: secret-xxxxxxxxxxx-xxxxxxxxxxxx-xxxxxxx
        api-host: https://api.doppler.com
        dashboard-host: https://dashboard.doppler.com
        enclave.project: project-global
        enclave.config: dev
    /home/user/doppler-demo/api:
        token: secret-xxxxxxxxxxx-xxxxxxxxxxxx-xxxxxxx
        api-host: https://api.doppler.com
        dashboard-host: https://dashboard.doppler.com
        enclave.project: project-api
        enclave.config: dev
    /home/user/doppler-demo/backend:
        token: secret-xxxxxxxxxxx-xxxxxxxxxxxx-xxxxxxx
        api-host: https://api.doppler.com
        dashboard-host: https://dashboard.doppler.com
        enclave.project: project-backend
        enclave.config: dev
    /home/user/doppler-demo/frontend:
        token: secret-xxxxxxxxxxx-xxxxxxxxxxxx-xxxxxxx
        api-host: https://api.doppler.com
        dashboard-host: https://dashboard.doppler.com
        enclave.project: project-frontend
        enclave.config: stg

Finally, how to use it in the CLI :

# Only returns the secrets from the filepath scope (e.g. in  /home/user/doppler-demo/api only project-api:dev secrets)
doppler secrets

# Returns all the secrets from the filepath scope and childrens defined in doppler.yaml
doppler secrets --all

# Allowing the user to inject all its secrets in a single simple command
doppler run --all -- docker-compose up -d

Inline command

# Get secrets from multiple projects passed inline (':' aren't allowed in the project names so it works as a separator) 
doppler secrets --project project-one:dev,project-two:stg

Despite the above, Doppler is great tool! Very handy & convenient, good work! 💪🏽 👏🏽

[BUG] Unexpected 404 using CLI install script

Describe the bug
A clear and concise description of what the bug is.

To Reproduce
Steps to reproduce the behavior:

Go to '...'
Click on '....'
See error

Expected behavior
A clear and concise description of what you expected to happen.

Screenshots
If applicable, add screenshots to help explain your problem.

Desktop (please complete the following information):

OS: [e.g. macOS]
Version [e.g. 10.15.1]

CLI Version:
Version [e.g. 1.0.0]

Additional context
Add any other context about the problem here.

	if [ "$USE_PACKAGE_MANAGER" -eq 1 ]; then
	if [ -x "$(command -v dpkg)" ]; then
	format="deb"
	elif [ -x "$(command -v rpm)" ]; then
	format="rpm"
	fi
	fi

	elif [ "$format" = "rpm" ]; then
	mv -f "$filename" "$filename.rpm"
	filename="$filename.rpm"

	if [ "$INSTALL" -eq 1 ]; then
	echo 'Installing...'
	rpm -i --force "$filename"
	echo "Installed Doppler CLI $(doppler -v)"
	else
	log_debug "Moving installer to $(pwd) (cwd)"
	mv -f "$filename" .
	echo "Doppler CLI installer saved to ./$file.rpm"
	fi

dopplerhq / cli Goto Github PK

cli's People

Contributors

Stargazers

Watchers

Forkers

cli's Issues

Is your feature request related to a problem? Please describe.

Describe alternatives you've considered

Recommend Projects

Recommend Topics

Recommend Org