Doppler
Doppler is a secrets management platform that securely stores, manages, and syncs API keys, database URLs, and other sensitive credentials across teams, pipelines, and AI agents.
At a Glance
Secure solo projects with core secrets management features, free for up to 3 users.
Engagement
Available On
Listed Jul 2026
About Doppler
Doppler is a secrets management platform built for modern engineering teams, handling everything from solo developer projects to large enterprise deployments. Founded in 2018 by Brian Vallelunga after frustration with clunky existing tools, Doppler is designed to make security as appealing as developer productivity. The platform is available as a cloud service or, as of its latest launch, as an on-premises deployment option.
What It Is
Doppler sits in the secrets management category — the infrastructure layer responsible for storing, distributing, and rotating sensitive application credentials like API keys, database URLs, and certificates. Rather than scattering secrets across .env files, CI/CD environment variables, or cloud-native vaults with steep learning curves, Doppler provides a unified dashboard, CLI, and API that developers, DevOps engineers, and security teams can all use. The platform positions itself as a developer-friendly alternative to tools like HashiCorp Vault, Akeyless, and Infisical.
Core Capabilities
Doppler's feature set spans the full secrets lifecycle:
- Centralized secret storage with projects, environments, and config inheritance
- Doppler CLI for injecting secrets into local development workflows
- Service tokens and service accounts for machine-to-machine access
- Config syncs to push secrets directly to AWS Secrets Manager, Azure Key Vault, GCP Secret Manager, Vercel, Heroku, GitHub Actions, and more
- Secrets referencing to avoid duplication across environments
- Automatic secret rotation and API-based rotation
- Role-Based Access Controls (RBAC), SAML SSO, and Identity-Based Authentication for team access management
- Activity logs with configurable retention for audit trails
- Webhooks and SDK support for automation and custom integrations
- Official MCP Server for AI agent and workflow integration
- Change Requests for controlled secret updates with approval workflows
- Dynamic secrets and Enterprise Key Management (EKM) at the enterprise tier
Deployment Model: Cloud and On-Premises
Doppler historically operated as a cloud-only SaaS. The company recently launched Doppler On-prem, described on the homepage as "modern secrets management within your infrastructure." This makes Doppler available to organizations with strict data residency or compliance requirements that cannot use cloud-hosted secret stores. The enterprise tier explicitly lists "Doppler On-prem or Cloud" as a deployment option, alongside features like proxied secret rotation, log forwarding, and custom activity log retention.
Integrations and Where It Fits in the Stack
Doppler markets itself as a central hub for secure integrations, connecting to the most common infrastructure and deployment targets:
- Cloud providers: AWS Secrets Manager, Azure Key Vault, GCP Secret Manager
- CI/CD and hosting: GitHub Actions, Vercel, Heroku
- Monitoring and SIEM: Splunk, Datadog, Sumo Logic (enterprise tier)
- Identity providers: SAML SSO, SCIM for enterprise directory sync
- Infrastructure as code: Terraform (manage groups and configuration)
- AI and automation: Official MCP Server for AI agent access to secrets
The pricing page notes that Doppler uses user-based pricing with no extra costs for non-human identities — a deliberate design choice for teams running AI agents and automated workflows alongside human engineers.
Compliance and Security Posture
Doppler is SOC 2 and ISO compliant, with a public trust page at trust.doppler.com. The platform advertises 99.99% historical annual uptime and offers a 99.95% SLO at the enterprise tier. The homepage cites, as a vendor-published claim, that "49% of breaches involve credentials, with 86% of web application attacks stemming from stolen credentials" as context for the secrets sprawl problem Doppler addresses. The platform includes MFA, secret visibility types, trusted IP restrictions, and a bug bounty program via HackerOne.
Update: Doppler On-Prem Launch
The most notable recent product development is the launch of Doppler On-prem, prominently announced at the top of the homepage and pricing page. This extends Doppler's deployment options beyond cloud-only SaaS, targeting enterprises with on-premises infrastructure requirements. The enterprise tier now explicitly includes on-prem deployment, proxied secret rotation, and on-prem secret rotation as distinct capabilities. The pricing page also lists an Official MCP Server as a feature available across plans, signaling Doppler's positioning for AI agent workflows as a current product direction.
Community Discussions
Be the first to start a conversation about Doppler
Share your experience with Doppler, ask questions, or help others learn from your insights.
Pricing
Developer
Secure solo projects with core secrets management features, free for up to 3 users.
- Free for 3 users
- Integrations
- Doppler CLI for local development
- Service tokens (50)
- Email alerts and recurring reminders
Team
Unlock team productivity and protect shared secrets with advanced access controls and compliance features.
- Change Requests
- SAML SSO
- Identity Based Authentication
- Role-Based Access Controls
- Integration Access Scoping
- 90 days of activity logs
- Automatic secret rotation
- Service accounts
- Config inheritance
- Trusted IPs
- Priority support
- Config syncs (100)
- 500 service tokens
- 250 projects
- 15 environments
- Add-on enterprise features
- 14-day free trial
Enterprise
Tailored secrets management for compliance and regulatory needs, with on-prem or cloud deployment.
- Doppler On-prem or Cloud
- Change Request Policies
- Secret Health Analytics dashboard
- Custom permissions and roles
- User groups
- Enterprise SCIM
- Fully manage in Terraform
- Proxied Secret Rotation
- Enterprise Key Management (EKM)
- Dynamic secrets
- Log Forwarding
- Unlimited config syncs
- Custom activity log retention
- Custom rate limits
- 99.95% SLO
- Enterprise support
- Custom contract and invoicing
- Dedicated account manager
Custom Roles
Tailor access through fine-grained workplace and project permission profiles. Available as an add-on for the Team plan.
- Fine-grained workplace and project permission profiles
- Apply custom roles to users and groups
User Groups
Assign users to groups with specific access levels, implementing least privilege. Available as an add-on for the Team plan.
- Assign users to groups with specific access levels
- Principle of least privilege per project
Integration Syncs
Increase the sync limit from 100 to 500. Available as an add-on for the Team plan.
- Increase config sync limit from 100 to 500
Capabilities
Key Features
- Centralized secrets storage and management
- Doppler CLI for local development
- Service tokens and service accounts
- Config syncs to cloud providers and CI/CD tools
- Secrets referencing across environments
- Automatic and API-based secret rotation
- Role-Based Access Controls (RBAC)
- SAML SSO and Identity-Based Authentication
- Activity logs with configurable retention
- Webhooks and SDK support
- Official MCP Server for AI agent integration
- Change Requests with approval workflows
- Dynamic secrets (enterprise)
- Enterprise Key Management (EKM)
- Doppler On-prem deployment option
- Config inheritance across environments
- Trusted IP restrictions
- SCIM for enterprise directory sync
- Terraform integration
- Log forwarding (enterprise)
- Secret Health Analytics dashboard (enterprise)
- MFA support
- Secret visibility types
- Personal configs
