Doppler MCP. Audit, update, and retrieve any secret value instantly.
Gemini Works with every AI agent you already use
…and any MCP-compatible client
Just plug in your AI agents and start using Vinkius.
Doppler. Manage secrets and environment variables directly from your AI agent. List projects, audit secrets, view configurations, and run full audit logs without opening the Doppler dashboard.
It's full secret lifecycle control via natural conversation.
What your AI agents can do
Change secrets
Adds or updates secrets in a Doppler config by providing the project, config name, and a JSON mapping of secret names to new values.
Delete secrets
Removes secrets from a Doppler config given the project, config name, and a list of secret names. Deleted secrets cannot be recovered.
Get account
Returns metadata about your Doppler account, including email, name, and the token's scope and permissions.
List all top-level workspaces and the specific projects within them.
List all deployment environments (dev, staging, prod) associated with a specific project.
Retrieve a secret's resolved value for a given config, automatically applying environment fallback rules.
Add, update, or delete secrets within a specific config environment using atomic requests.
Get a full log of who accessed, modified, or changed configurations for a project.
Ask AI about this MCP
Supported MCP Clients
Gemini Waiting for input…
Doppler MCP Server: 12 Tools for Secrets Ops
These tools let you query, audit, and modify all your secrets and environment variables directly via your AI agent, bypassing the Doppler web interface.
019d842fchange secrets
Adds or updates secrets in a Doppler config by providing the project, config name, and a JSON mapping of secret names to new values.
019d842fdelete secrets
Removes secrets from a Doppler config given the project, config name, and a list of secret names. Deleted secrets cannot be recovered.
019d842fget account
Returns metadata about your Doppler account, including email, name, and the token's scope and permissions.
019d842fget config
Retrieves details for a specific Doppler config, including its root status and associated environment template.
019d842fget project
Gets core details for a specific Doppler project using its slug and optionally a workspace slug.
019d842fget secret
Retrieves the resolved value of a specific secret name from a Doppler config, including fallbacks from parent environments.
019d842flist activity logs
Lists activity logs for a Doppler project, detailing who performed what action, when, and which config was affected.
019d842flist configs
Lists all deployment environments (like development, staging, production) for a given project.
019d842flist environments
Lists the available environment types (e.g., development, staging, production) supported by Doppler.
019d842flist projects
Lists all Doppler projects, providing their name, slug, description, and creation date.
019d842flist secrets
Lists all secrets available for a Doppler config, providing the computed value and visibility status.
019d842flist workspaces
Lists all top-level organizational workspaces, providing their name, slug, and creation date.
Choose How to Get Started
Build a custom MCP for your own tools, or connect a ready-made integration from our catalog.
Build Your Own
Turn any API into an MCP. Import a spec, define Agent Skills, or deploy with MCPFusion.
- Import from OpenAPI, Swagger, or YAML specs
- Create Agent Skills with progressive disclosure
- Deploy to edge with MCPFusion framework
- Built in DLP, auth, and compliance on every call
- Real time usage dashboard and cost metering
- Publish to catalog or keep private
Make Your AI Do More
Start with Doppler, then connect any of our 4,700+ other servers whenever your AI needs more. One click, no limits.
- Use this MCP plus 4,700+ others, all in one place
- Add new capabilities to your AI anytime you want
- Every connection is secured and compliant automatically
- Track usage and costs across all your servers
- Works with Claude, ChatGPT, Cursor, and more
- New servers added to the catalog every week
What you can do with this MCP connector
Yo, check this out. This Doppler MCP Server lets your AI agent handle all your secrets and environment variables. You get full lifecycle control without ever touching the Doppler dashboard. You can list all your top-level organizational workspaces using list_workspaces, and then check out all the specific projects inside them via list_projects.
You can also get the core details for a specific project using get_project with its slug and optionally a workspace slug. Want to see what environment types Doppler supports? Use list_environments to list all available environment types like development, staging, or production. For a specific project, you can list all the deployment environments—the configs—using list_configs.
When you're deep into a project, you can get the root status and template details for one specific config using get_config. You can also grab the full metadata for your whole Doppler account, including your email and the token's scope, with get_account.
To check what secrets you've got, you can list every secret available in a config using list_secrets, which gives you the computed value and visibility status for all of them. Need the actual value of one secret? Use get_secret to retrieve the resolved value of a specific secret name, automatically applying any environment fallback rules.
You can also audit the whole setup by getting the details for a single secret using get_secret.
Want to make changes? You can add or update secrets in a config by giving the project, config name, and a JSON map of secret names to new values using change_secrets. You can also wipe secrets out of a config using delete_secrets, providing the project, config name, and a list of secret names.
These deleted secrets can't be recovered, so you gotta be careful.
Need to know who touched what? Use list_activity_logs to list activity logs for a project, detailing exactly who did what action, when, and which config was affected. You can also list all projects using list_projects to see their name, slug, description, and creation date.
How Doppler MCP Works
- 1 Subscribe to the Doppler server and supply your Doppler Service Token or Personal Token.
- 2 Your AI agent connects to the service and verifies your access level using tools like
get_account. - 3 You tell your agent what you need—for example, 'Show me the secrets for the prod config of my API project.' The agent then calls the appropriate tools (
list_secrets,get_secret) to get the answer.
The bottom line is, you manage your entire secret lifecycle through conversation, without ever opening the Doppler dashboard.
Who Is Doppler MCP For?
This is for the DevOps Engineer who's tired of clicking through dashboards just to check if DATABASE_URL was changed last night. It's for the Security Auditor who needs to prove compliance without manually exporting logs. It's for the Developer who needs to verify a config setup quickly before pushing code.
Reviews activity logs via list_activity_logs, audits secret changes, and verifies project/environment structure for compliance checks.
Tracks who modified which secrets, when, and in which environment, enabling full audit trail review via conversation using list_activity_logs.
Quickly looks up secret values for any environment, verifies config setups, and audits secret inheritance without opening the Doppler UI using get_secret.
What Changes When You Connect
- Audit who touched what: Use
list_activity_logsto track every secret read, write, or config change for compliance. You get a clear, conversational log of activity. - See resolved secrets:
get_secretreturns the actual value, correctly resolving fallbacks from parent environments, so you don't need to guess the source. - Manage environments: Use
list_configsto see all deployment environments for a project. You instantly know if the staging or prod config is set up. - Full CRUD capability: You can modify secrets using
change_secrets(add/update) ordelete_secrets(remove) without ever opening the web UI. - Understand scope: Use
list_workspacesandlist_projectsto map the entire organizational structure and know exactly where a secret lives. - Check your access:
get_accountverifies your token's permissions and scope, ensuring your AI agent has the right access level before you start.
Real-World Use Cases
Verifying Production Credentials
A developer needs the DATABASE_URL for the prod environment. Instead of going to the Doppler UI and navigating project > config > secrets, they ask their agent. The agent uses get_secret and returns the resolved value immediately. Problem solved.
Auditing a Security Incident
A security team finds suspicious activity. They ask their agent, 'Who changed secrets in the last week?' The agent runs list_activity_logs, providing a consolidated report showing the user, action, and affected config. They get the full audit trail.
Restructuring a Project
A team is splitting projects. They first ask the agent to run list_workspaces to see the top level. Then they run list_projects to scope down. This allows them to map the entire structure before starting the move.
Cleaning Up Stale Secrets
A project was deprecated. Instead of manually deleting secrets in multiple environments, the engineer instructs the agent to run delete_secrets across all necessary configs, ensuring the cleanup is atomic and verifiable.
The Tradeoffs
Reliance on the UI
The developer clicks through the Doppler dashboard: Project -> Config -> Secrets. This takes five clicks, and they might miss an inherited value or the actual change history.
→
Use get_secret to pull the resolved value directly. If you need to know who changed it, run list_activity_logs. Your agent handles the complex navigation for you.
Guessing the Environment
The developer assumes the secret value is the same in staging and production, only to find out they are pointing to different databases and break the build.
→
Always run list_configs first to confirm all available environments. Then, use get_secret specifying the exact environment name (e.g., 'staging') to get the correct value.
Manual Cleanup Failure
The engineer remembers to delete secrets in the dev environment but forgets the prod environment, leaving the old credentials active and exposed.
→
Use delete_secrets and specify all required project slugs and config names in one request. This ensures you cover every necessary scope in an atomic operation.
When It Fits, When It Doesn't
Use this Doppler server if your workflow demands automated, auditable interaction with secrets and configurations. You need to know who changed what, and you need to be able to change it programmatically. Do use it if: You need to audit secret history using list_activity_logs, or if you need to programmatically update credentials using change_secrets. Don't use it if: You only need to view a list of all possible environments. In that case, simply calling list_environments is enough, and you don't need the full secret management capability.
Independent Platform Disclaimer: Vinkius is an independent platform and is not affiliated with, endorsed by, sponsored by, verified by, or otherwise authorized by Doppler. All third-party trademarks, logos, and brand names are the property of their respective owners. Their use on this website is strictly for informational purposes to identify service compatibility and interoperability.
VINKIUS INFRASTRUCTURE
Cloud Hosted
Managed infra
V8 Isolated
Sandboxed per request
Zero-Trust Proxy
No stored credentials
DLP Enforced
Policy on every call
GDPR Compliant
EU data residency
Token Compression
~60% cost reduction
Works with Claude, ChatGPT, Cursor, and more
The Model Context Protocol standardizes how applications expose capabilities to LLMs. Instead of operating in isolation, your AI gains direct access to external platforms, live data, and real-world actions through secure, standardized connections.
This server provides 12 capabilities that interface natively with Claude, ChatGPT, Cursor, and any MCP client. No middleware. No custom integration required.
Available Capabilities
Checking a secret value shouldn't require five clicks.
Right now, checking a simple secret like a database connection string means logging into Doppler. You navigate to the project, then click the environment, then find the secret name. You copy the value, hoping you didn't miss an inherited value or forget which environment you were viewing.
With this MCP server, you just ask your agent. You tell it, 'What's the `DATABASE_URL` for production?' and it runs the necessary tools (`get_secret`) to get the resolved value. It's instant, and you know exactly where that value came from.
Doppler MCP Server: Full Secret Control
Manual secret management involves separate tasks for listing secrets (`list_secrets`), updating them (`change_secrets`), and reviewing logs. You have to run these commands in separate tabs and remember to scope them correctly.
Now, your agent handles the whole lifecycle. You can combine requests: 'First, list all configs, then update the API key in staging, and finally, log the activity.' It treats secrets management like a single, conversational flow.
Common Questions About Doppler MCP
How do I use the `list_secrets` tool with Doppler MCP Server? +
The list_secrets tool lists all secrets for a specific config. You must provide both the project_slug and the config_name so the agent knows exactly where to look.
Can I use `delete_secrets` to remove a secret value? +
Yes, delete_secrets removes the secret from the specified config. Remember that deleted secrets are permanently gone, so double-check your project and config names first.
Does `get_secret` show the real value if it's inherited? +
Yes, get_secret resolves the final value by applying fallbacks from parent environments. It shows you the actual value your application will use, even if it wasn't defined locally.
How do I check who changed things using `list_activity_logs`? +
You run list_activity_logs and optionally provide a config_name to filter the results. The log shows the user, the action (read/write), and the specific time.
What is the difference between `list_configs` and `list_environments`? +
list_configs shows the actual deployment environments (like 'staging' or 'prod') tied to a project. list_environments shows the general types of environments Doppler supports (like 'development' or 'preview').
How do I use `get_project` to verify if a workspace slug is correct? +
It verifies the project details using the provided slug. You must supply both the project slug and, if known, the workspace slug. This confirms the project's existence and gives you its full metadata.
What happens if I use `change_secrets` with an incomplete JSON object? +
It only modifies the secrets you specify. If you omit a secret from the JSON object, the existing value remains untouched. You'll only update what you explicitly tell it to change.
Can I use `list_workspaces` to check which projects belong to a specific organization? +
Yes, it lists all top-level organizational units. Each workspace contains multiple projects, allowing you to see which projects are grouped under a specific organizational boundary.
How do I create a Doppler Service Token? +
Log in to the Doppler Dashboard, select your project, go to Settings > Tokens and click Generate Token. Choose the scope (project + config/environment), set the access level (Read or Read+Write) and copy the token immediately — it won't be shown again.
Can I update multiple secrets at once? +
Yes! Use the change_secrets tool with a JSON object mapping names to values, e.g. {"DATABASE_URL":"postgres://new-host","API_KEY":"sk-new"}. This creates or updates all specified secrets in a single atomic operation.
What is the difference between a Personal Token and a Service Token? +
A Personal Token is scoped to your user account and can access all workspaces and projects you have permission for. A Service Token is scoped to a specific project and config, with either read-only or read+write access. Service tokens are recommended for CI/CD and automated integrations, while personal tokens are better for development and admin tasks.
Can I view the activity history for a project? +
Yes! Use the list_activity_logs tool with the project_slug to see all audit events (secret reads, writes, config changes, user additions). Optionally filter by config_name to see activity for a specific environment only. Each log entry shows who performed the action, when, and what was affected.
Use it with your favorite AI tools
Connect this server to Cursor, Claude, VS Code, and more.
More in this category
DigitalOcean
Equip your AI agent to manage cloud infrastructure, track Droplets, and monitor managed databases via the DigitalOcean API.
Builder.io
Manage your visual CMS via Builder.io — track content entries, models, and symbols directly from any AI agent.
Dokku
Manage self-hosted apps via Dokku — monitor containers, scale processes, handle environment variables, and stream logs directly from any AI agent.
You might also like
Kavkom
Set up a professional cloud phone system with call routing, IVR menus, and analytics designed for European businesses.
Mollie
Manage payments, orders, and customers via Mollie — track transactions and manage your e-commerce finances directly from your AI agent.
Join
Manage recruiting, jobs, and candidates via JOIN API.