# Doppler MCP

## Overview
- **Category:** loved-by-devs
- **Price:** Free
- **Tags:** secrets-management, environment-variables, doppler, api-keys, config-management

## Tools

### change_secrets
Provide project_slug, config_name and a JSON object mapping secret names to values. For example: `{"DATABASE_URL":"postgres://...","API_KEY":"sk-..."}`. Existing secrets not included are not modified.

Add or update secrets in a Doppler config

### delete_secrets
Provide project_slug, config_name and comma-separated secret names. WARNING: deleted secrets cannot be recovered. If a secret inherits a value from a parent, it reverts to that value.

Delete secrets from a Doppler config

### get_config
Returns config name, project, root status, associated environment template, creation date and locked status.

Get details for a specific Doppler config

### get_account
Returns account email, name, and token metadata (type, scope, permissions). Use this to verify your token is working correctly and understand its access level.

Get the current Doppler account details

### get_project
Provide the project slug (e.g. "my-api-project") and optionally the workspace slug.

Get details for a specific Doppler project

### get_secret
Returns the secret name and its resolved value with fallbacks from parent environments applied.

Get a specific secret value from a Doppler config

### list_activity_logs
Each entry shows who performed what action, when and the affected config. Optionally filter by config_name. Useful for security auditing and compliance.

List activity logs for a Doppler project

### list_configs
Each config represents a deployment environment (development, staging, production) and contains its own set of secrets. Returns config name, project slug, root status and environment template used.

List configs (environments) for a Doppler project

### list_environments
(e.g. development, staging, production, preview). Returns environment name, slug and whether it is the default environment.

List Doppler environment types

### list_projects
Optionally filter by workspace slug. Each project contains configs (environments) and secrets. Returns project name, slug, description, and creation date.

List Doppler projects

### list_secrets
Returns each secret's name, computed value (with environment fallbacks applied) and visibility status. Provide the project_slug and config_name.

List all secrets for a Doppler config

### list_workspaces
A workspace is the top-level organizational unit in Doppler that groups projects. Returns workspace name, slug and creation date.

List all Doppler workspaces

## Prompt Examples

**Prompt:** 
```
Show me all configs for my 'backend-api' project.
```

**Response:** 
```
I found 3 configs for 'backend-api': 'dev' (development, root config), 'staging' (staging, inherits from dev) and 'prod' (production, inherits from staging). Each has its own set of secrets.
```

**Prompt:** 
```
Update the DATABASE_URL secret in my prod config to point to the new database.
```

**Response:** 
```
Done! I've updated the `DATABASE_URL` secret in the prod config of your backend-api project. The new value has been applied and will be available to all services using this environment.
```

**Prompt:** 
```
Who changed secrets in my project in the last week?
```

**Response:** 
```
I found 14 activity events in the last 7 days: 3 secret updates by alice@company.com, 8 secret reads by the CI/CD service account, 2 config changes by bob@company.com and 1 new secret added by admin@company.com.
```

## Frequently Asked Questions

**How do I create a Doppler Service Token?**
Log in to the [**Doppler Dashboard**](https://dashboard.doppler.com), select your project, go to **Settings** > **Tokens** and click **Generate Token**. Choose the scope (project + config/environment), set the access level (Read or Read+Write) and copy the token immediately — it won't be shown again.

**Can I update multiple secrets at once?**
Yes! Use the `change_secrets` tool with a JSON object mapping names to values, e.g. `{"DATABASE_URL":"postgres://new-host","API_KEY":"sk-new"}`. This creates or updates all specified secrets in a single atomic operation.

**What is the difference between a Personal Token and a Service Token?**
A **Personal Token** is scoped to your user account and can access all workspaces and projects you have permission for. A **Service Token** is scoped to a specific project and config, with either read-only or read+write access. Service tokens are recommended for CI/CD and automated integrations, while personal tokens are better for development and admin tasks.

**Can I view the activity history for a project?**
Yes! Use the `list_activity_logs` tool with the project_slug to see all audit events (secret reads, writes, config changes, user additions). Optionally filter by config_name to see activity for a specific environment only. Each log entry shows who performed the action, when, and what was affected.