Skip to content

Doppler API Key

Service Name: Doppler

Service Description: Doppler is a universal secrets platform that helps developers and organizations securely manage API keys, tokens, certificates, and other sensitive data across applications, environments, and team members.

Service Address: https://doppler.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the project level through Doppler's access controls.

Secret Access Scope: Grants programmatic access to secrets stored in Doppler projects and environments. The scope depends on the permissions assigned to the service token.

Secret Revokement URL: https://docs.doppler.com/reference/service-tokens#revoking-service-tokens

Secret Example: dp.st.prod.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx x

Suspicious Activity Investigation Instructions:

  • Review Doppler audit logs for unusual access patterns or unauthorized secret retrievals
  • Check for unexpected changes to secrets or configurations
  • Monitor for unusual API calls or access from unexpected locations
  • Verify if the token has been used outside approved applications or environments
  • Review access logs for any unauthorized IP addresses accessing your Doppler projects

Mitigation Instructions:

  • Log in to your Doppler dashboard at https://dashboard.doppler.com/
  • Navigate to the Access section of your project
  • Find the compromised service token in the Service Tokens tab
  • Click on the token and select "Revoke" to immediately invalidate it
  • Create a new service token with appropriate scopes to replace the compromised one
  • Update all legitimate applications with the new token
  • Consider implementing more restrictive access controls, such as IP restrictions
  • Review and update your secret rotation policies