Bring Secrets Management
to Windsurf
Create your Vinkius account to connect Doppler to Windsurf and start using all 12 AI tools in minutes. Fully managed, enterprise secure, and ready to use without writing a single line of code. No hosting, no server setup — just connect and start using.
GDPR Free for SubscribersCompatible with every major AI agent and IDE
Gemini
What is the Doppler MCP Server?
Connect your Doppler account to any AI agent and take full control of your secrets management through natural conversation.
What you can do
- Workspace & Project Discovery — List all workspaces and projects with their names, slugs and descriptions
- Config (Environment) Management — View all configs (development, staging, production) per project and their metadata
- Secret Auditing — List all secret names and computed values for any config, with environment fallback resolution
- Secret Operations — Add, update and delete secrets in any environment with atomic change requests
- Activity Logging — Review the full audit log of secret reads, writes, config changes and user activity per project
How it works
- Subscribe to this server
- Enter your Doppler Service Token or Personal Token
- Start managing your secrets from Claude, Cursor, or any MCP-compatible client
No more clicking through the Doppler dashboard to check a secret value or audit who changed DATABASE_URL. Your AI acts as a dedicated secrets engineer.
Who is this for?
- Developers — quickly look up secret values for any environment, verify config setups and audit secret inheritance without opening the Doppler UI
- DevOps Engineers — review activity logs, audit secret changes and verify project/environment structure for compliance
- Security Teams — track who modified which secrets, when and in which environment, enabling full audit trail review via conversation
Built-in capabilities (12)
Provide project_slug, config_name and a JSON object mapping secret names to values. For example: {"DATABASE_URL":"postgres://...","API_KEY":"sk-..."}. Existing secrets not included are not modified. Add or update secrets in a Doppler config
Provide project_slug, config_name and comma-separated secret names. WARNING: deleted secrets cannot be recovered. If a secret inherits a value from a parent, it reverts to that value. Delete secrets from a Doppler config
Returns account email, name, and token metadata (type, scope, permissions). Use this to verify your token is working correctly and understand its access level. Get the current Doppler account details
Returns config name, project, root status, associated environment template, creation date and locked status. Get details for a specific Doppler config
Provide the project slug (e.g. "my-api-project") and optionally the workspace slug. Get details for a specific Doppler project
Returns the secret name and its resolved value with fallbacks from parent environments applied. Get a specific secret value from a Doppler config
Each entry shows who performed what action, when and the affected config. Optionally filter by config_name. Useful for security auditing and compliance. List activity logs for a Doppler project
Each config represents a deployment environment (development, staging, production) and contains its own set of secrets. Returns config name, project slug, root status and environment template used. List configs (environments) for a Doppler project
g. development, staging, production, preview). Returns environment name, slug and whether it is the default environment. List Doppler environment types
Optionally filter by workspace slug. Each project contains configs (environments) and secrets. Returns project name, slug, description, and creation date. List Doppler projects
Returns each secret's name, computed value (with environment fallbacks applied), visibility status. Provide the project_slug and config_name. List all secrets for a Doppler config
A workspace is the top-level organizational unit in Doppler that groups projects. Returns workspace name, slug and creation date. List all Doppler workspaces
Why Windsurf?
Windsurf's Cascade agent chains multiple Doppler tool calls autonomously. query data, analyze results, and generate code in a single agentic session. Paste Vinkius Edge URL, reload, and all 12 tools are immediately available. Real-time tool feedback appears inline, so you see API responses directly in your editor.
- —
Windsurf's Cascade agent autonomously chains multiple tool calls in sequence, solving complex multi-step tasks without manual intervention
- —
Purpose-built for agentic workflows. Cascade understands context across your entire codebase and integrates MCP tools natively
- —
JSON-based configuration means zero code changes: paste a URL, reload, and all 12 tools are immediately available
- —
Real-time tool feedback is displayed inline, so you see API responses directly in your editor without switching contexts
Doppler in Windsurf
Why run Doppler with Vinkius?
The Doppler connection runs on our fully managed, secure cloud infrastructure. We handle the hosting, maintenance, and security so you don't have to deal with servers or code. All 12 tools are ready to work instantly without any complex setup.
You stay in complete control of your data. Your AI only accesses the information you approve, keeping your sensitive passwords and private details completely safe. Plus, with automatic optimizations, your AI works faster and more efficiently.
* Every connection is hosted and maintained by Vinkius. We handle the security, updates, and infrastructure so you don't have to write code or manage servers. See our infrastructure
Over 4,000 integrations ready for AI agents
Explore a vast library of pre-built integrations, optimized and ready to deploy.
Connect securely in under 30 seconds
Generate tokens to authenticate and link external services in a single step.
Complete visibility into every agent action
Audit live requests, latency, success rates, and active security compliance policies.
Optimize spending and track token ROI
Analyze real-time token consumption and cost metrics detailed by connection.
Explore our live AI Agents Analytics dashboard to see it all working
This dashboard is included when you connect Doppler using Vinkius. You will never be left in the dark about what your AI agents are doing with your tools.
Doppler and 4,000+ other AI tools. No hosting, no code, ready to use.
Professionals who connect Doppler to Windsurf through Vinkius don't need to write code, manage servers, or worry about security. Everything is pre-configured, secure, and runs automatically in the background.
Raw MCP | Vinkius | |
|---|---|---|
| Ready-to-use MCPs | Find and configure each manually | 4,000+ MCPs ready to use |
| Connection Setup | Manual coding & server setup | 1-click instant connection |
| Server Hosting | You host it yourself (needs 24/7 uptime) | 100% hosted & managed by Vinkius |
| Security & Privacy | Stored in plaintext config files | Bank-grade encrypted vault |
| Activity Visibility | Blind execution (no logs or tracking) | Live dashboard with real-time logs |
| Cost Control | Runaway AI token spend risk | Automatic budget limits |
| Revoking Access | Must delete files or code to stop | 1-click disconnect button |
How Vinkius secures
Doppler for Windsurf
Every request between Windsurf and Doppler is protected by our secure gateway. We automatically keep your sensitive data private, prevent unauthorized access, and let you disconnect instantly at any time.
Frequently asked questions
How do I create a Doppler Service Token?
Log in to the Doppler Dashboard, select your project, go to Settings > Tokens and click Generate Token. Choose the scope (project + config/environment), set the access level (Read or Read+Write) and copy the token immediately — it won't be shown again.
Can I update multiple secrets at once?
Yes! Use the change_secrets tool with a JSON object mapping names to values, e.g. {"DATABASE_URL":"postgres://new-host","API_KEY":"sk-new"}. This creates or updates all specified secrets in a single atomic operation.
What is the difference between a Personal Token and a Service Token?
A Personal Token is scoped to your user account and can access all workspaces and projects you have permission for. A Service Token is scoped to a specific project and config, with either read-only or read+write access. Service tokens are recommended for CI/CD and automated integrations, while personal tokens are better for development and admin tasks.
Can I view the activity history for a project?
Yes! Use the list_activity_logs tool with the project_slug to see all audit events (secret reads, writes, config changes, user additions). Optionally filter by config_name to see activity for a specific environment only. Each log entry shows who performed the action, when, and what was affected.
How does Windsurf discover MCP tools?
Windsurf reads the mcp_config.json file on startup and connects to each configured server via Streamable HTTP. Tools are listed in the MCP panel and available to Cascade automatically.
Can Cascade chain multiple MCP tool calls?
Yes. Cascade is an agentic system. it can plan and execute multi-step workflows, calling several tools in sequence to accomplish complex tasks without manual prompting between steps.
Does Windsurf support multiple MCP servers?
Yes. Add as many servers as needed in mcp_config.json. Each server's tools appear in the MCP panel and Cascade can use tools from different servers in a single flow.
Server not connecting
Check Settings → MCP for the server status. Try toggling it off and on.
Explore More MCP Servers
View all →
Sharetribe
9 toolsEquip your AI agent to autonomously manage your marketplace. Approve listings, transition transaction states, audit user profiles, and moderate reviews.
Firecrawl
6 toolsCrawl and scrape entire websites into clean LLM-ready markdown with a single API call that handles JavaScript rendering.
Idealista (Real Estate)
5 toolsSearch real estate via Idealista — find homes, commercial premises, and new developments in Spain, Italy, and Portugal.
Notion
12 toolsManage your Notion workspace, databases, and pages via AI.