Doppler is a secrets management platform that helps developers organize and sync environment variables across teams and infrastructure.
Tool to create a new webhook for a Doppler project. Use when you need to configure webhook notifications for secret changes or other events in a project. The webhook URL must use HTTPS. Optionally configure authentication, specific configs to monitor, custom payload templates, or request signing secrets.
Tool to clone a branch config including all its secrets. Use after confirming the source config details.
Tool to create a branch config. Use when you need to programmatically establish a new branch-based configuration for a specified project and environment. The config name MUST start with the environment identifier followed by an underscore (e.g., 'dev_feature' for dev environment). Use after selecting the target project and environment.
Create a Doppler Share link for an end-to-end encrypted secret. This tool generates a secure, shareable link where the secret is encrypted client-side and decrypted in the recipient's browser, ensuring Doppler never has access to the plaintext. Use this when you need to securely share sensitive information (API keys, passwords, credentials) with controlled expiration. The secret must be pre-encrypted using AES-256-GCM with PBKDF2-SHA256 key derivation before calling this tool. Security features: - End-to-end encryption: Secret is never exposed to Doppler's servers - Configurable expiration: Set limits on views (1-50 or unlimited) and days (1-90) - Password-protected: Recipients must enter the correct password to decrypt
Create a new environment in a Doppler project. Environments (like dev, staging, prod) organize different configurations within a project. Use this when you need to set up a new deployment environment for secrets management. Each environment requires a unique slug within the project.
Tool to generate a Doppler Share link by sending a plain text secret. Use when you need to securely share secrets with expiration controls. The secret is not stored in plain text by Doppler; the receive flow is end-to-end encrypted where the encrypted secret is decrypted in the browser.
Tool to create a project. Use when you need to programmatically initialize a new Doppler project after authentication.
Tool to create a new service token for a Doppler config. Use when you need to generate API credentials for services to access secrets programmatically. The token grants either read-only or read/write access to the specified config. Store the returned token key securely as it cannot be retrieved later.
Tool to delete a config permanently. Use when you need to remove a config that is no longer needed.
Tool to delete an environment. Use when you need to remove an environment from a project after confirming it's no longer in use.
Tool to delete a project permanently. Use after confirming irreversible removal.
Tool to delete a secret from a Doppler config. Use when you need to permanently remove a secret from a specific project and config.
Tool to delete an existing service token from a Doppler config. Use when you need to revoke or remove a service token that is no longer needed.
Tool to delete an existing webhook. Use when you need to permanently remove a webhook from a project.
Tool to disable an existing Doppler webhook. Use when you need to temporarily stop a webhook from receiving notifications without deleting it.
Tool to download secrets from a Doppler config in various formats. Use when you need to retrieve all secrets or a subset of secrets from a specific project and config. Supports multiple output formats and name transformations.
Tool to enable a previously disabled webhook. Use when you need to reactivate a webhook that was temporarily disabled.
Retrieve detailed information about a specific activity log entry. Activity logs track all actions performed in the Doppler workplace including project creation, secret modifications, user actions, etc. Use the List Activity Logs action to discover available log IDs.
Tool to retrieve information about the authenticated user or token. Use when you need to verify authentication status or get details about the current token's workplace and permissions.
Tool to retrieve a specific Doppler config by project and config name. Use when you need to get configuration details for a specific project environment.
Tool to retrieve a specific config log from Doppler. Use when you need to view details about a particular configuration change or event.
Retrieves detailed metadata for a specific Doppler environment within a project. Use this to get information about an environment including its name, creation date, first fetch timestamp, and personal configs setting. You must provide both the project slug and environment slug.
Tool to retrieve details of a specific Doppler project by its identifier. Use when you need to get project metadata including ID, slug, name, description, and creation timestamp.
Retrieve a specific project member's details including their role and environment access permissions. Use this when you need to check a specific user's, group's, service account's, or invite's membership settings in a project. Requires the project slug, member type (workplace_user/group/invite/service_account), and member slug (UUID).
Retrieve detailed information about a specific project role in Doppler, including its permissions, display name, identifier, creation timestamp, and whether it's a custom or built-in role. Use this to understand what permissions a role grants before assigning it to users or groups.
Tool to retrieve a specific secret from a Doppler project config. Use when you need to get the value of a specific secret including its raw and computed values.
Tool to retrieve an existing webhook by its slug. Use when you need to get webhook details including URL, authentication settings, enabled status, and payload configuration.
Tool to retrieve workplace information from Doppler. Use when you need to get workplace details including ID, name, billing email, and security email.
Tool to retrieve workplace role information from Doppler. Use when you need to get details about a specific role including its permissions and metadata.
Tool to retrieve a specific workplace user by their workplace_user id. Use when you need to get detailed information about a workplace user including their access level, creation date, and nested user details.
List workplace activity logs with pagination support. Retrieves a paginated list of activity logs showing actions performed by users and bots in your Doppler workplace, such as creating projects, modifying secrets, generating tokens, and other workspace events. Each log entry includes details about the actor, timestamp, and affected resources. Use this tool when you need to audit workplace activity, track changes, or investigate who performed specific actions.
List existing change requests in the Doppler workplace. Use this tool to retrieve all change requests and view their current status. Change requests are a workflow-driven mechanism for proposing additions, modifications, or deletions of values stored in Doppler, which require review and approval from authorized team members. Note: This feature requires a Team or Enterprise plan. Attempting to use this endpoint with a Free or Starter plan will result in a 403 Forbidden error.
Tool to retrieve configuration change logs for a specific config in a project. Use when you need to view the history of configuration changes, track who made changes, or identify rollback actions.
Tool to list configurations from a Doppler project. Use when you need to retrieve all configs or filter by environment. Supports pagination for large result sets.
Tool to list all Doppler projects in your workspace. Use when you need to retrieve available projects for configuration management or to get project details.
Tool to list all secrets for a specific Doppler config within a project. Use when you need to retrieve secret values and metadata. Returns both raw and computed values for each secret, along with visibility settings and optional notes.
Tool to list all environments in a Doppler project. Use when you need to retrieve the environments available in a specific project.
Tool to retrieve all existing integrations in Doppler. Use when you need to list all configured integrations.
Tool to list open workplace invites. Use when you need to retrieve all pending invitations for the current Doppler workplace after authenticating.
Tool to list all members of a Doppler project including users, groups, service accounts, and invites. Use when you need to retrieve all members with their roles and environment access permissions for a specific project.
List all available project-level permissions in Doppler. Returns permission identifiers (slugs) that can be assigned to project roles when creating or updating custom roles. Use this to discover what permissions are available before configuring project role access.
Tool to list all available project roles in Doppler. Use when you need to retrieve all roles for permission management or to see what roles are available.
Tool to retrieve the list of secret names from a specific Doppler config. Use when you need to list available secret names without their values.
Tool to list all service tokens for a specific Doppler config. Use when you need to view existing API credentials and their access levels.
Tool to list all webhooks configured for a Doppler project. Use when you need to retrieve all webhooks or check webhook configurations for a specific project.
Retrieves all available workplace permissions in Doppler. This action returns a comprehensive list of permission identifiers that can be assigned to workplace roles. Workplace permissions control access to organization-level features such as billing, team management, service accounts, integrations, audit logs, and other workplace settings. Use this action when you need to: - View all available permissions for workplace role configuration - Understand what permissions can be assigned to custom workplace roles - Audit the permission system capabilities in your Doppler workplace No parameters are required. This is a read-only, idempotent operation.
Tool to list all workplace roles in your Doppler workspace. Use when you need to retrieve available workplace roles for user management or permission configuration.
Tool to list all users in the Doppler workplace. Use when you need to retrieve user information, check user access levels, or filter users by email address.
Lock a Doppler config to prevent it from being renamed or deleted. Locking provides protection against accidental modifications to critical configurations. Use this after confirming the correct project and config identifiers.
Remove a member from a Doppler group. This permanently removes the specified member (workplace_user, group, invite, or service_account) from the group. Requires valid group and member slugs. Returns 204 status code on success.
Tool to remove a member from a project. Use after confirming project slug, member type, and slug.
Rename an environment's display name within a Doppler project. This updates only the human-readable name; the environment slug remains unchanged. Use this when you need to update how an environment appears in the UI without affecting its identifier.
Revoke a dynamic secret lease immediately before its TTL expires. Use this tool when you need to terminate access to a dynamic secret (e.g., AWS IAM user, database credentials) by invalidating its active lease. This is useful for security purposes when access should be revoked before the natural expiration time. Prerequisites: The lease must have been previously issued via the secrets list or download endpoints with include_dynamic_secrets=true.
Tool to rollback a config to a selected log version. Use when needing to undo a specific change by its log ID, after confirming project, config, and log ID.
Tool to unlock a config. Use when you need to allow renaming or deletion of a previously locked config.
Rename an existing Doppler config within a project. This action modifies the config's name while preserving all secrets and settings. Before using this action: 1. Use DOPPLER_PROJECTS_LIST to get the project identifier 2. Use DOPPLER_CONFIGS_LIST to verify the config exists and get its current name 3. Ensure the new name is unique within the project Note: Root configs and locked configs cannot be renamed.
Tool to update secrets in a Doppler config. Use when you need to create or update secret values in a specific project and config.
Tool to update an existing Doppler project's name or description. Use when you need to rename a project or modify its description after it has been created.
Tool to update a note for a secret in Doppler. Use when you need to add or modify documentation for a specific secret. Notes are stored at the project level and apply across all environments, though a config parameter is required for the API call. Notes help document secret usage, provide context, or store reference links.
DEPRECATED: Use DopplerSecretsUpdateNote instead. Tool to set or update a note for a secret in Doppler. Use when you need to add or modify documentation for a specific secret. Notes are stored at the project level and apply across all environments.
Tool to update an existing webhook configuration in Doppler. Use when you need to modify webhook URL, authentication, enabled configs, or other webhook settings.
Tool to update workplace settings in Doppler. Use when you need to modify workplace name, billing email, or security email. At least one field must be provided to update.