Doppler MCP. Audit and manage every secret without leaving your chat.
Gemini Works with every AI agent you already use
…and any MCP-compatible client
Just plug in your AI agents and start using Vinkius.
Doppler MCP handles secrets management and environment variables directly from your AI agent. It lets you audit project structures, view current config settings (dev, staging, prod), read specific secret values with fallbacks, and track every change that happens in a secure conversation.
Manage all your sensitive data without opening the Doppler dashboard.
What your AI agents can do
Change secrets
Adds or updates secret values for a specific project configuration.
Delete secrets
Removes defined secrets from a specified project configuration.
Get account
Verifies the current Doppler account details, including token scope and permissions.
Retrieves a list of all workspaces and projects grouped by those workspaces.
Lists all available environments (like development, staging, or production) for a given project.
Fetches the current value of any specific secret, automatically resolving fallbacks from parent environments.
Adds, updates, or deletes credentials across defined project configurations in an atomic request.
Generates a detailed audit trail showing exactly who performed which action and when it happened.
Ask AI about this MCP
Supported MCP Clients
OAuth 2.0 Compatible Gemini Waiting for input…
Doppler: 12 Tools for Secret Management
These tools allow your AI agent to interact with every facet of your Doppler account—from listing top-level workspaces down to changing individual secret values.
Make your AI actually useful.
Add this MCP to Claude, Cursor, or Windsurf and your AI stops guessing. It gets real tools to look things up, take action, and handle the stuff you keep doing by hand.
Start using Doppler on Vinkius019d842fchange secrets
Adds or updates secret values for a specific project configuration.
019d842fdelete secrets
Removes defined secrets from a specified project configuration.
019d842fget account
Verifies the current Doppler account details, including token scope and permissions.
019d842fget config
Retrieves metadata for a specific deployment environment configuration.
019d842fget project
Fetches general details about an entire Doppler project, given its slug.
019d842fget secret
Reads and returns the computed value of a specific secret name from an environment.
019d842flist activity logs
Shows a detailed, auditable history of all secret reads, writes, and configuration changes.
019d842flist configs
Returns a list of all environment configurations (like dev or prod) for an entire project.
019d842flist environments
Lists the available types of deployment environments in your account.
019d842flist projects
Retrieves a list of all projects and their creation dates across workspaces.
019d842flist secrets
Lists the names, computed values, and visibility status of all secrets within a config.
019d842flist workspaces
Provides a list of top-level organizational workspaces that contain multiple projects.
Choose How to Get Started
Build a custom MCP for your own tools, or connect a ready-made integration from our catalog.
Build Your Own
Turn any API into an MCP. Import a spec, define Agent Skills, or deploy with MCPFusion.
- Import from OpenAPI, Swagger, or YAML specs
- Create Agent Skills with progressive disclosure
- Deploy to edge with MCPFusion framework
- Built in DLP, auth, and compliance on every call
- Real time usage dashboard and cost metering
- Publish to catalog or keep private
Make Your AI Do More
Start with Doppler, then connect any of our 4,800+ other servers whenever your AI needs more. One click, no limits.
- Use this MCP plus 4,800+ others, all in one place
- Add new capabilities to your AI anytime you want
- Every connection is secured and compliant automatically
- Track usage and costs across all your servers
- Works with Claude, ChatGPT, Cursor, and more
- New servers added to the catalog every week
Independent Platform Disclaimer: Vinkius is an independent platform and is not affiliated with, endorsed by, sponsored by, verified by, or otherwise authorized by Doppler. All third-party trademarks, logos, and brand names are the property of their respective owners. Their use on this website is strictly for informational purposes to identify service compatibility and interoperability.
VINKIUS INFRASTRUCTURE
Cloud Hosted
Managed infra
V8 Isolated
Sandboxed per request
Zero-Trust Proxy
No stored credentials
DLP Enforced
Policy on every call
GDPR Compliant
EU data residency
Token Compression
~60% cost reduction
Works with Claude, ChatGPT, Cursor, and more
The Model Context Protocol standardizes how applications expose capabilities to LLMs. Instead of operating in isolation, your AI gains direct access to external platforms, live data, and real-world actions through secure, standardized connections.
This server provides 12 capabilities that interface natively with Claude, ChatGPT, Cursor, and any MCP client. No middleware. No custom integration required.
Managing credentials feels like archaeology.
Today, checking a simple secret value means opening the Doppler dashboard, navigating to the correct workspace, selecting the project, then choosing 'staging,' finding the environment config, and finally clicking the specific key. You repeat this process for every single credential you need—the API keys, the database URLs, the service tokens. It's tedious, slow, and prone to human error.
With this MCP, that whole flow disappears. Just tell your agent what you want: 'What is the current value of the payment gateway key in staging?' And boom. You get the answer immediately, without opening a single browser tab. It’s instant data retrieval that respects your time.
Get full visibility with the list_secrets tool.
Instead of manually checking dozens of tabs to confirm which secrets are active and what values they hold across different environments, you simply ask the agent to run `list_secrets`. The agent returns a comprehensive view, showing all named credentials and their computed values for the given config.
You now have an immediate, single source of truth for your entire secret inventory. No more guessing if a key was updated or which environment is running stale data.
What you can do with this MCP connector
You connect your secrets management system to your AI agent and manage everything through natural language. Instead of navigating dashboards and clicking through dozens of tabs just to check an API key or see who changed the database URL, you talk to your agent. Your agent handles all the heavy lifting: listing every project workspace, viewing environment templates for a specific config, and even showing you the full audit log of who read which secret last week.
Because sensitive credentials pass through Vinkius's zero-trust proxy, your keys never sit on disk; they are only used in transit during the call. This means you get to manage complex environments—from listing all workspaces down to updating a single secret value—with full conversational control and high security.
It’s about treating your AI agent like a dedicated secrets engineer. You ask it to list all configs for backend-api, then ask for the DATABASE_URL in the 'prod' environment, and finally ask who changed that credential last month. The whole process is handled without you ever touching the UI.
019d842f-e053-713d-89fb-280d179b7cfc 
How Doppler MCP Works
- 1 Subscribe to this MCP and provide your Doppler Service or Personal Token.
- 2 Tell your AI agent what you need—for example, 'List all projects in the billing service.'
- 3 Your agent executes the necessary calls, returns the requested data (like a list of project slugs), and presents it back to you in conversation.
The bottom line is that your AI agent uses your credentials through Vinkius's secure layer to perform complex operations across multiple resource types without needing any UI interaction from you.
Who Is Doppler MCP For?
Anyone who spends too much time clicking through dashboard menus just to verify a simple credential or check compliance history. You’re the security auditor who needs an instant report, or the developer who can't wait for a manual pull request just to confirm a secret value.
Needs to review activity logs and verify project/environment structures quickly to ensure compliance.
Must look up specific secret values for development or staging environments without having to open the Doppler UI.
Needs to track exactly who modified which secrets, and when, across all configured environments.
What Changes When You Connect
- Eliminate manual lookups: Use
get_secretto pull a specific credential value—like the database URL—and see it instantly, including fallbacks from parent configs. - Maintain compliance records: Run
list_activity_logswhenever you need proof of who read or modified a secret and when. This is essential for security audits. - Structure verification: Use
list_projectsandlist_workspacesto quickly map out your entire credential topology, seeing which projects belong where. - Control changes: Need to update an API key? You can use
change_secretsto add or modify a secret in a specific environment without touching the UI. - Clean up resources: If a project is deprecated, you can run
delete_secretsto remove credentials and prevent orphaned data.
Real-World Use Cases
Auditing credential access
A security auditor needs to know if the CI/CD service account read the payment gateway key last night. They run list_activity_logs and immediately see a record showing the exact time, who accessed it, and what config was affected.
Verifying deployment setup
A developer is setting up a new service and needs to know if the production environment has all the required API keys. They run list_secrets for 'prod' and verify that every necessary credential, like the Stripe key, exists.
Onboarding a new team member
A manager needs to show a new hire the full organizational structure of services. They ask the agent to run list_workspaces and then drill down using list_projects to map out all active components.
Emergency credential rotation
A secret is compromised, and it needs immediate updating. The engineer uses change_secrets to push the new value for the master API key into the production config across all necessary environments.
The Tradeoffs
Assuming one source of truth
A developer sees a secret in their local IDE and assumes it's correct, leading to integration failures when deployed because the actual value is outdated or missing.
→
Always use get_secret through this MCP. It reads the computed value directly from Doppler, automatically resolving fallbacks and giving you the current, accurate source of truth.
Manual change requests
Needing to update five different database connection strings across staging and production requires logging into the dashboard multiple times and copy-pasting values.
→
Use change_secrets with one command. You provide the project, config name, and a JSON map of all new secrets. The agent handles the atomic updates for you.
Skipping audit checks
A team makes several changes to credentials but forgets to record who did what or when, leaving compliance records incomplete.
→
After any major operation, run list_activity_logs. This ensures every credential read and write is logged immediately, maintaining a perfect audit trail.
When It Fits, When It Doesn't
Use this MCP if your primary need is reading, listing, or modifying existing secrets and environments within Doppler. It's the definitive tool for operational visibility into credentials. Don't use it if you are trying to write new code logic that requires external API calls unrelated to credential management; in those cases, a specialized integration might be better suited. If your goal is purely policy validation (e.g., 'Does this secret meet PCI compliance standards?'), the tools only provide visibility, not enforcement. However, if you run list_secrets and then immediately follow up with list_activity_logs, you get a strong audit perspective that covers both state and history.
Common Questions About Doppler MCP
How do I create a Doppler Service Token? +
Log in to the Doppler Dashboard, select your project, go to Settings > Tokens and click Generate Token. Choose the scope (project + config/environment), set the access level (Read or Read+Write) and copy the token immediately — it won't be shown again.
Can I update multiple secrets at once? +
Yes! Use the change_secrets tool with a JSON object mapping names to values, e.g. {"DATABASE_URL":"postgres://new-host","API_KEY":"sk-new"}. This creates or updates all specified secrets in a single atomic operation.
What is the difference between a Personal Token and a Service Token? +
A Personal Token is scoped to your user account and can access all workspaces and projects you have permission for. A Service Token is scoped to a specific project and config, with either read-only or read+write access. Service tokens are recommended for CI/CD and automated integrations, while personal tokens are better for development and admin tasks.
Can I view the activity history for a project? +
Yes! Use the list_activity_logs tool with the project_slug to see all audit events (secret reads, writes, config changes, user additions). Optionally filter by config_name to see activity for a specific environment only. Each log entry shows who performed the action, when, and what was affected.
When should I use `list_projects` versus `get_project`? +
Use list_projects to see all available projects within a workspace. If you already know the project slug, then using get_project provides instant details on that specific container. This helps your agent scope down immediately before querying internal configs or secrets.
How does the `get_secret` tool handle environment fallbacks? +
The agent automatically resolves secret values using defined environment fallbacks. If a required secret value is missing in the current config, it checks parent environments until a value appears or confirms that no value exists anywhere.
What information do I get from `list_environments`? +
This tool returns a list of all configured deployment environments, such as development, staging, and production. It's key for your agent to confirm the exact scope you need before running operations like viewing secrets or making changes.
What is the critical warning when using `delete_secrets`? +
Deleted secrets cannot be recovered, so always verify the names first. Furthermore, if a secret inherits its value from a parent environment, deleting it will make the current config revert to that parent's inherited state.
Use it with your favorite AI tools
Connect this server to Cursor, Claude, VS Code, and more.