Doppler Secret Management
Only users with administrative access can reach the Kubernetes VLAN, either locally on the SETLab WiFi network or via VPN.
Doppler is already set up on the cluster, so this documentation will likely only be necessary in the event of disaster recovery, or a configuration change with the current Doppler account.
What is Doppler?
Doppler's secrets management platform helps teams secure, sync, and automate their secrets across environments and infrastructure. We use Doppler to manage project secrets, as well as infrastructure secrets.
The Doppler Kubernetes operator allows us to update secrets used in projects and infrastructure without having to re-deploy the service manually. When a secret change is detected, all of the affected services will automatically be re-deployed to match the new configuration.
Setup
The setup process for Doppler is fairly simple. With the set-cluster active, run the following commands to install the operator via Helm.
Add the Helm repository
helm repo add doppler https://helm.doppler.com
If you already have the repository, you can update it using helm repo update.
Install the Helm chart
helm install --generate-name doppler/doppler-kubernetes-operator
Configure Secret Syncing
Before continuing, make sure you are logged in to the Doppler CLI with an account that has access to the LJMU SET Doppler Org. For more information, view the Doppler documentation.
Once you have confirmed that you are logged in to the appropriate Doppler account, run the following command to set up the secret syncing operator.
kubectl create secret generic doppler-token-secret \
--namespace doppler-operator-system \
--from-literal=serviceToken=$(doppler configure get token --plain)
Once this command completes, there is nothing further you will need to do. Kubernetes resources marked with the kind DopplerSecret will automatically start syncing.
More information about secret syncing can be found here.