14
GitHub Stars
1
Bundled Files
2 months ago
Catalog Refreshed
4 months ago
First Indexed
Readme & install
Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.
Installation
Preview and clipboard use veilstrat where the catalogue uses aiagentskills.
npx veilstrat add skill terrylica/cc-skills --skill doppler-secret-validation- SKILL.md6.6 KB
Overview
This skill validates and tests Doppler-managed secrets, ensuring tokens and credentials are correctly stored, retrieved, and usable for API authentication. It provides CLI-backed checks, format validation, and bundled scripts to run storage and authentication tests. Use it to reduce deployment failures by verifying secrets before they reach production.
How this skill works
The skill inspects token formats, then sets or verifies secrets in Doppler via the Doppler CLI. It uses a validation script to confirm existence and environment injection, and an auth test script to perform API-specific authentication attempts. It can run tests inside doppler run so credentials are never exposed in long-lived shells.
When to use it
- Adding API tokens or credentials to Doppler (PyPI, GitHub, AWS, etc.).
- You hear requests like “add to Doppler”, “store secret”, or “validate token”.
- Before CI/CD or production deploys to confirm authentication works.
- When debugging secret retrieval or environment injection issues.
- When syncing secrets across multiple configs (dev, stg, prd).
Best practices
- Validate token format and prefixes before adding to Doppler (mask output).
- Prefer doppler run to inject secrets for single-command scope and avoid long-lived exports.
- Never log full secrets; show masked prefixes and lengths instead.
- Keep separate Doppler configs per environment and explicitly set --project and --config flags.
- Document secrets and usage patterns in the project README or internal docs; add notes via the Doppler dashboard.
Example use cases
- Validate a new PyPI API token before enabling automated package uploads in CI.
- Add and test a GitHub personal access token for multi-account developers using mise [env] integration.
- Verify AWS access keys are present and correctly injected into a build environment.
- Run a cross-config check to ensure TOKEN values differ appropriately between dev, stg, and prd.
- Troubleshoot a 401 from an API by revalidating the stored secret and re-running the auth test script.
FAQ
Print masked prefix and length locally (avoid logging full value) to verify expected prefixes like pypi-, ghp_, AKIA, and expected lengths.
What if an auth test returns 401?
Regenerate the token at the provider, re-add the secret to Doppler, then re-run the validation and auth test scripts. Also verify you used the right project/config flags.
When should I use mise [env] vs doppler run?
Use doppler run for ephemeral CI/script injections. Use mise [env] for directory-scoped, persistent local workflows or multi-account setups where cached reads improve developer experience.