Skip to content

Doppler

Service Name: Doppler

Service Description: Doppler is a universal secrets platform that helps developers and organizations securely manage API keys, tokens, certificates, and other sensitive information across applications, environments, and team members.

Service Address: https://www.doppler.com/

tokens#revoking-a-service-token

  • Secret Example: dp.pt.abcdefghijklmnopqrstuvwxyz1234567890abcdefgh
  • Suspicious Activity Investigation Instructions:
  • Check Doppler audit logs for unauthorized access or changes to secrets
  • Review Doppler dashboard for unexpected service token creation
  • Verify if any secrets have been accessed or modified unexpectedly
  • Check for unusual API calls or access patterns in your logs
  • Mitigation Instructions:
  • Log into your Doppler dashboard
  • Navigate to the Access Management section
  • Find the compromised service token
  • Click on the Revoke button to immediately invalidate the token
  • Create a new token with appropriate scopes if needed

Doppler API Token

  • Update any applications or services using the old token
  • Consider rotating all secrets that may have been exposed