doppler run <command>

Run a command with secrets injected into the environment

Arguments

NameDescription
command

Subcommands

NameDescription
cleanDelete old fallback files

Options

NameDescription
--api-host <string>The host address for the Doppler API (default "https://api.doppler.com")
--configuration <string>Config file (default "~/.doppler/.doppler.yaml")
--dashboard-host <string>The host address for the Doppler Dashboard (default "https://dashboard.doppler.com")
--debug <string>Output additional information
--dns-resolver-address <string>Address to use for DNS resolution (default "1.1.1.1:53")
--dns-resolver-proto <string>Protocol to use for DNS resolution (default "udp")
--dns-resolver-timeout <duration>Max dns lookup duration (default 5s)
--enable-dns-resolverBypass the OS's default DNS resolver
--jsonOutput json
--no-check-versionDisable checking for Doppler CLI updates
--no-read-envDo not read config from the environment
--no-timeoutDisable http timeout
--no-verify-tls
  • Dangerous 💥
--print-configOutput active configuration
--scope <string>The directory to scope your config to (default ".")
--silentDisable output of info messages
--timeout <duration>Max http request duration (default 10s)
--token, -t <string>Doppler token
--config <string>Config (e.g. dev)
--fallback-onlyRead all secrets directly from the fallback file, without contacting Doppler. secrets will not be updated. (implies --fallback-readonly)
f <string>Path to the fallback file. encrypted secrets are written to this file after each successful fetch. secrets will be read from this file if subsequent connections are unsuccessful
--fallback-readonlyDisable modifying the fallback file. secrets can still be read from the file
-h, --helpHelp for run
--no-cacheDisable using the fallback file to speed up fetches. the fallback file is only used when the API indicates that it's still current
--no-exit-on-write-failureDo not exit if unable to write the fallback file
--no-fallbackDisable reading and writing the fallback file
--passphrase <string>Passphrase to use for encrypting the secrets file. the default passphrase is computed using your current configuration
-p, --project <string>Project (e.g. backend)
--command <string>Command to execute (e.g. "echo hi")
--forward-signalsForward signals to the child process (defaults to false when STDOUT is a TTY)
--preserve-envIgnore any Doppler secrets that are already defined in the environment. this has potential security implications, use at your own risk