Loading...
Loading...
Validate and test Doppler secrets. TRIGGERS - add to Doppler, store secret, validate token, test credentials.
npx skill4agent add terrylica/cc-skills doppler-secret-validation# Check token format, length, prefix
python3 -c "token = 'TOKEN_VALUE'; print(f'Prefix: {token[:20]}...'); print(f'Length: {len(token)}')"pypi-...ghp_...doppler secrets set SECRET_NAME="value" --project PROJECT --config CONFIGdoppler secrets set PYPI_TOKEN="pypi-AgEI..." \
--project claude-config --config prd--note/usr/bin/env bash << 'VALIDATE_EOF'
cd ${CLAUDE_PLUGIN_ROOT}/skills/doppler-secret-validation
uv run scripts/validate_secret.py \
--project PROJECT \
--config CONFIG \
--secret SECRET_NAME
VALIDATE_EOFdoppler runuv run scripts/validate_secret.py \
--project claude-config \
--config prd \
--secret PYPI_TOKEN/usr/bin/env bash << 'CONFIG_EOF'
cd ${CLAUDE_PLUGIN_ROOT}/skills/doppler-secret-validation
doppler run --project PROJECT --config CONFIG -- \
uv run scripts/test_api_auth.py \
--secret SECRET_NAME \
--api-url API_ENDPOINT
CONFIG_EOFdoppler run --project claude-config --config prd -- \
uv run scripts/test_api_auth.py \
--secret PYPI_TOKEN \
--api-url https://upload.pypi.org/legacy//usr/bin/env bash << 'CONFIG_EOF_2'
# Pattern 1: Doppler run (recommended for CI/scripts)
doppler run --project PROJECT --config CONFIG -- COMMAND
# Pattern 2: Manual export (for troubleshooting)
export SECRET_NAME=$(doppler secrets get SECRET_NAME \
--project PROJECT --config CONFIG --plain)
CONFIG_EOF_2[env]# .mise.toml
[env]
# Option A: Direct Doppler CLI fetch (slower, always fresh)
GH_TOKEN = "{{ exec(command='doppler secrets get GH_TOKEN --project myproject --config prd --plain') }}"
GITHUB_TOKEN = "{{ exec(command='doppler secrets get GH_TOKEN --project myproject --config prd --plain') }}"
# Option B: Cache for performance (1 hour cache)
GH_TOKEN = "{{ cache(key='gh_token', duration='1h', run='doppler secrets get GH_TOKEN --project myproject --config prd --plain') }}"
GITHUB_TOKEN = "{{ cache(key='gh_token', duration='1h', run='doppler secrets get GH_TOKEN --project myproject --config prd --plain') }}"GH_TOKENGITHUB_TOKENdoppler run[env]mise-configuration# Production
doppler secrets set TOKEN="prod-value" --project foo --config prd
# Development
doppler secrets set TOKEN="dev-value" --project foo --config dev/usr/bin/env bash << 'CONFIG_EOF_3'
for config in dev stg prd; do
echo "=== $config ==="
doppler secrets get TOKEN --project foo --config $config --plain | head -c 20
echo "..."
done
CONFIG_EOF_3${SECRET:0:20}...brew install dopplerhq/cli/doppler| Issue | Cause | Solution |
|---|---|---|
| Secret not found | Wrong project/config specified | Verify with |
| Auth test fails with 401 | Token expired or invalid | Regenerate token, re-add to Doppler |
| doppler run hangs | CLI waiting for input | Add |
| Token prefix mismatch | Wrong token type used | Check expected format (pypi-, ghp-, AKIA, etc.) |
| Validation script not found | Wrong directory context | Ensure CLAUDE_PLUGIN_ROOT is set correctly |
| Secret retrieval empty | Secret name typo | List secrets: |
| mise cache stale | Duration expired | Clear cache or reduce duration setting |
| Multiple configs confusion | Secrets differ across envs | Use explicit --config flag for each command |