Doppler
Service Name: Doppler
Service Description: Doppler is a universal secrets platform that helps developers and organizations securely manage API keys, tokens, certificates, and other sensitive information across applications, environments, and team members.
Service Address: https://www.doppler.com/
- Validation Type: -
- IP Allow list: Does not exist
- Secret Access Scope: Grants access to secrets stored in Doppler projects and environments.
- Secret Revokement URL: https://docs.doppler.com/reference/service-
tokens#revoking-a-service-token
- Secret Example: dp.pt.abcdefghijklmnopqrstuvwxyz1234567890abcdefgh
- Suspicious Activity Investigation Instructions:
- Check Doppler audit logs for unauthorized access or changes to secrets
- Review Doppler dashboard for unexpected service token creation
- Verify if any secrets have been accessed or modified unexpectedly
- Check for unusual API calls or access patterns in your logs
- Mitigation Instructions:
- Log into your Doppler dashboard
- Navigate to the Access Management section
- Find the compromised service token
- Click on the Revoke button to immediately invalidate the token
- Create a new token with appropriate scopes if needed
Doppler API Token
- Update any applications or services using the old token
- Consider rotating all secrets that may have been exposed