{"id":21463217,"url":"https://github.com/dopplerhq/secrets-fetch-action","last_synced_at":"2025-07-15T03:31:27.937Z","repository":{"id":38456744,"uuid":"489165974","full_name":"DopplerHQ/secrets-fetch-action","owner":"DopplerHQ","description":"Securely inject Doppler secrets into your GitHub Actions.","archived":false,"fork":false,"pushed_at":"2024-03-21T20:55:04.000Z","size":158,"stargazers_count":10,"open_issues_count":0,"forks_count":3,"subscribers_count":4,"default_branch":"main","last_synced_at":"2024-05-09T14:24:48.178Z","etag":null,"topics":["secret-management","secrets","secrets-management","secrets-manager","security"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/DopplerHQ.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-05-06T00:29:37.000Z","updated_at":"2024-05-29T23:39:50.188Z","dependencies_parsed_at":"2024-02-08T22:59:59.338Z","dependency_job_id":"b2e4023c-52ed-4039-81ec-e458dc065d91","html_url":"https://github.com/DopplerHQ/secrets-fetch-action","commit_stats":{"total_commits":8,"total_committers":2,"mean_commits":4.0,"dds":0.375,"last_synced_commit":"6a57f7e84151f622cc324b28d68177628ae7c3fc"},"previous_names":[],"tags_count":6,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DopplerHQ%2Fsecrets-fetch-action","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DopplerHQ%2Fsecrets-fetch-action/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DopplerHQ%2Fsecrets-fetch-action/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DopplerHQ%2Fsecrets-fetch-action/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/DopplerHQ","download_url":"https://codeload.github.com/DopplerHQ/secrets-fetch-action/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":226013402,"owners_count":17559867,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["secret-management","secrets","secrets-management","secrets-manager","security"],"created_at":"2024-11-23T07:19:55.608Z","updated_at":"2025-07-15T03:31:27.930Z","avatar_url":"https://github.com/DopplerHQ.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Doppler Secrets Fetch Action\n\nThis action enables you to fetch Doppler secrets for use in your GitHub Actions.\n\n\u003e NOTE: If the GitHub Actions for your repository only require secrets from a single config, we recommend using our [Doppler GitHub application](https://github.com/apps/doppler-secretops-platform/) instead, as it syncs secrets directly to your repository.\n\n## Configuration\n\nThe action can be configured in two ways:\n\n* Service Account with Project and Config via either:\n  - Service Account Identity via OIDC (recommended)\n  - Service Account Token\n* Service Token\n\n### Service Account \n\nA Doppler Service Account allows for a configurable set of permissions to services in your workplace. A project and config must be specified when using a service account. Your workplace must be on the Team or Enterprise plan in order to use service accounts.\n\n#### Service Account Identity via OIDC\n\n[Identities](https://docs.doppler.com/docs/service-account-identities) allow a service account to authenticate to Doppler via OIDC without using a static API token. This method works like the Service Account Token method below but without a static API token.\n\nThe `auth-method`, `doppler-identity-id`, `doppler-project` and `doppler-config` inputs must be provided when using a Service Account Identity. The permission `id-token: write` is required so that Doppler can obtain an OIDC token from Github for authentication.\n\n```yaml\njobs:\n  your-example-job:\n    permissions:\n      id-token: write # required for obtaining the OIDC JWT from Github\n    steps:\n      - uses: dopplerhq/secrets-fetch-action@v1.3.0\n          id: doppler\n          with:\n            auth-method: oidc        \n            doppler-identity-id: \u003cyour-service-account-identity-uuid\u003e \n            doppler-project: auth-api\n            doppler-config: ci-cd\n```\n\n#### Service Account Token\n\n The `doppler-project` and `doppler-config` inputs must be provided when using a Service Account Token:\n\n```yaml\n- uses: dopplerhq/secrets-fetch-action@v1.3.0\n      id: doppler\n      with:\n        doppler-token: ${{ secrets.DOPPLER_TOKEN }}\n        doppler-project: auth-api\n        doppler-config: ci-cd\n```\n\n### Service Token\n\nA [Doppler Service Token](https://docs.doppler.com/docs/service-tokens) provides read-only access to a single config.\n\nCreate a GitHub repository secret named `DOPPLER_TOKEN` or if using multiple Service Tokens (e.g. for a Monorepo), you can prefix the secret name using with application name, e.g. `AUTH_API_DOPPLER_TOKEN`.\n\nThen supply the Service Token using the `doppler-token` input:\n\n```yaml\n- uses: dopplerhq/secrets-fetch-action@v1.3.0\n      id: doppler\n      with:\n        doppler-token: ${{ secrets.DOPPLER_TOKEN }}\n```\n\n## Usage\n\nSecrets can be accessed in two ways:\n\n- Default: Using `outputs`\n- Optional: Using environment variables\n\n### Using Outputs\n\nSecrets can be accessed individually using `outputs` by providing an `id` for the Doppler action step:\n\n```yaml\nname: Doppler secrets from outputs\n\non: [push]\n\njobs:\n  secrets-fetch:\n    runs-on: ubuntu-latest\n    steps:\n    - uses: dopplerhq/secrets-fetch-action@v1.3.0\n      id: doppler\n      with:\n        doppler-token: ${{ secrets.DOPPLER_TOKEN }}\n    - run: echo \"DOPPLER_PROJECT is ${{ steps.doppler.outputs.DOPPLER_PROJECT }} (Doppler meta environment variables are unmasked)\"\n    - run: echo \"API_KEY is ${{ steps.doppler.outputs.API_KEY }} (secret masked output)\"\n```\n\n### Using Environment Variables\n\nThis option injects secrets as environment variables for use in subsequent steps by setting the `inject-env-vars` input to `true`.\n\n\u003e NOTE: Be careful using this option as environment variables are available to any subsequent process in your GitHub Action steps.\n\n```yaml\nname: Doppler secrets from environment variables\n\non: [push]\n\njobs:\n  secrets-fetch:\n    runs-on: ubuntu-latest\n    steps:\n    - uses: dopplerhq/secrets-fetch-action@v1.3.0\n      id: doppler\n      with:\n        doppler-token: ${{ secrets.DOPPLER_TOKEN }}\n        inject-env-vars: true\n    - run: printenv\n```\n\n## Automatic Secrets Masking\n\nAll secret values are masked with the exception of the Doppler meta variables:\n\n- `DOPPLER_PROJECT`\n- `DOPPLER_ENVIRONMENT`\n- `DOPPLER_CONFIG`\n\nand any secrets assigned the `unmasked` [secret visibility](https://docs.doppler.com/docs/secret-visibility).\n\n# Development and Testing\n\nExport the `NODE_ENV` and `DOPPLER_TOKEN` environment variables, then run `npm test`.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdopplerhq%2Fsecrets-fetch-action","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdopplerhq%2Fsecrets-fetch-action","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdopplerhq%2Fsecrets-fetch-action/lists"}