# Doppler

> Doppler is a secrets management platform that securely stores, manages, and syncs API keys, database URLs, and other sensitive credentials across teams, pipelines, and AI agents.

Doppler is a secrets management platform built for modern engineering teams, handling everything from solo developer projects to large enterprise deployments. Founded in 2018 by Brian Vallelunga after frustration with clunky existing tools, Doppler is designed to make security as appealing as developer productivity. The platform is available as a cloud service or, as of its latest launch, as an on-premises deployment option.

## What It Is

Doppler sits in the secrets management category — the infrastructure layer responsible for storing, distributing, and rotating sensitive application credentials like API keys, database URLs, and certificates. Rather than scattering secrets across `.env` files, CI/CD environment variables, or cloud-native vaults with steep learning curves, Doppler provides a unified dashboard, CLI, and API that developers, DevOps engineers, and security teams can all use. The platform positions itself as a developer-friendly alternative to tools like HashiCorp Vault, Akeyless, and Infisical.

## Core Capabilities

Doppler's feature set spans the full secrets lifecycle:

- **Centralized secret storage** with projects, environments, and config inheritance
- **Doppler CLI** for injecting secrets into local development workflows
- **Service tokens and service accounts** for machine-to-machine access
- **Config syncs** to push secrets directly to AWS Secrets Manager, Azure Key Vault, GCP Secret Manager, Vercel, Heroku, GitHub Actions, and more
- **Secrets referencing** to avoid duplication across environments
- **Automatic secret rotation** and API-based rotation
- **Role-Based Access Controls (RBAC)**, SAML SSO, and Identity-Based Authentication for team access management
- **Activity logs** with configurable retention for audit trails
- **Webhooks and SDK support** for automation and custom integrations
- **Official MCP Server** for AI agent and workflow integration
- **Change Requests** for controlled secret updates with approval workflows
- **Dynamic secrets** and Enterprise Key Management (EKM) at the enterprise tier

## Deployment Model: Cloud and On-Premises

Doppler historically operated as a cloud-only SaaS. The company recently launched **Doppler On-prem**, described on the homepage as "modern secrets management within your infrastructure." This makes Doppler available to organizations with strict data residency or compliance requirements that cannot use cloud-hosted secret stores. The enterprise tier explicitly lists "Doppler On-prem or Cloud" as a deployment option, alongside features like proxied secret rotation, log forwarding, and custom activity log retention.

## Integrations and Where It Fits in the Stack

Doppler markets itself as a central hub for secure integrations, connecting to the most common infrastructure and deployment targets:

- **Cloud providers**: AWS Secrets Manager, Azure Key Vault, GCP Secret Manager
- **CI/CD and hosting**: GitHub Actions, Vercel, Heroku
- **Monitoring and SIEM**: Splunk, Datadog, Sumo Logic (enterprise tier)
- **Identity providers**: SAML SSO, SCIM for enterprise directory sync
- **Infrastructure as code**: Terraform (manage groups and configuration)
- **AI and automation**: Official MCP Server for AI agent access to secrets

The pricing page notes that Doppler uses user-based pricing with no extra costs for non-human identities — a deliberate design choice for teams running AI agents and automated workflows alongside human engineers.

## Compliance and Security Posture

Doppler is SOC 2 and ISO compliant, with a public trust page at trust.doppler.com. The platform advertises 99.99% historical annual uptime and offers a 99.95% SLO at the enterprise tier. The homepage cites, as a vendor-published claim, that "49% of breaches involve credentials, with 86% of web application attacks stemming from stolen credentials" as context for the secrets sprawl problem Doppler addresses. The platform includes MFA, secret visibility types, trusted IP restrictions, and a bug bounty program via HackerOne.

## Update: Doppler On-Prem Launch

The most notable recent product development is the launch of **Doppler On-prem**, prominently announced at the top of the homepage and pricing page. This extends Doppler's deployment options beyond cloud-only SaaS, targeting enterprises with on-premises infrastructure requirements. The enterprise tier now explicitly includes on-prem deployment, proxied secret rotation, and on-prem secret rotation as distinct capabilities. The pricing page also lists an **Official MCP Server** as a feature available across plans, signaling Doppler's positioning for AI agent workflows as a current product direction.

## Features
- Centralized secrets storage and management
- Doppler CLI for local development
- Service tokens and service accounts
- Config syncs to cloud providers and CI/CD tools
- Secrets referencing across environments
- Automatic and API-based secret rotation
- Role-Based Access Controls (RBAC)
- SAML SSO and Identity-Based Authentication
- Activity logs with configurable retention
- Webhooks and SDK support
- Official MCP Server for AI agent integration
- Change Requests with approval workflows
- Dynamic secrets (enterprise)
- Enterprise Key Management (EKM)
- Doppler On-prem deployment option
- Config inheritance across environments
- Trusted IP restrictions
- SCIM for enterprise directory sync
- Terraform integration
- Log forwarding (enterprise)
- Secret Health Analytics dashboard (enterprise)
- MFA support
- Secret visibility types
- Personal configs

## Integrations
AWS Secrets Manager, Azure Key Vault, GCP Secret Manager, Vercel, Heroku, GitHub Actions, Splunk, Datadog, Sumo Logic, Terraform, Slack, Microsoft Teams, Discord, SAML SSO providers, SCIM directory providers

## Platforms
IOS, WEB, API, VSC_EXTENSION, CLI

## Pricing
Freemium — Free tier available with paid upgrades

## Links
- Website: https://www.doppler.com
- Documentation: https://docs.doppler.com/
- EveryDev.ai: https://www.everydev.ai/tools/doppler
