doppler-workflows_skill

This skill helps you securely manage PyPI publishing, AWS credentials, and Doppler secrets with automated injection and best-practice patterns.
  • TypeScript

14

GitHub Stars

4

Bundled Files

2 months ago

Catalog Refreshed

4 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill terrylica/cc-skills --skill doppler-workflows

  • AWS_SPECIFICATION.yaml6.9 KB
  • AWS_WORKFLOW.md10.6 KB
  • PYPI_REFERENCE.yaml19.0 KB
  • SKILL.md4.6 KB

Overview

This skill provides credential and publishing workflows that use Doppler to inject and manage secrets for PyPI publishing, AWS operations, and multi-service credential patterns. It codifies safe CLI patterns, rotation guidance, and quick troubleshooting to avoid common authentication failures. The content is focused on practical commands, testing, and configuration options for CI and local development.

How this skill works

The skill inspects workflow patterns and recommends using doppler run --project <project> --config <config> --command='<command>' so secrets are injected before shell expansion. It documents concrete examples for publishing to PyPI and running AWS commands, plus alternatives like mise [env] for per-directory or persistent local credentials. Troubleshooting entries map common errors to focused fixes and rotation steps.

When to use it

  • Publishing Python packages to PyPI from local or scripted environments
  • Running AWS CLI commands or automations that require temporary credentials
  • Rotating or rotating-checking access keys for AWS and other services
  • Setting up credential injection patterns in CI/CD or local development
  • Managing multi-token or multi-account credential strategies

Best practices

  • Always use --command flag with doppler run so variables expand after injection
  • Prefer project-scoped tokens (for PyPI) and short-lived credentials where possible
  • Rotate credentials regularly (recommend ~90 days) and automate updates in Doppler
  • Validate injection before use (e.g., echo ${#VAR} to test length)
  • Store secrets via stdin and use Doppler notes for audit/context (doppler secrets notes set)

Example use cases

  • Publish a package to PyPI: doppler run --project claude-config --config dev --command='uv publish --token "$PYPI_TOKEN"'
  • List S3 buckets with injected AWS creds: doppler run --project aws-credentials --config dev --command='aws s3 ls --region $AWS_DEFAULT_REGION'
  • Local dev with persistent per-directory creds: configure .mise.toml and use mise [env] to cache Doppler secrets
  • Rotate an AWS access key and update Doppler, then verify by running an aws sts get-caller-identity command via doppler run
  • Set up multi-account tokens using deterministic names like SERVICE_TOKEN_{ABBREV} and document intent with Doppler notes

FAQ

--command ensures Doppler injects secrets before any shell performs variable expansion, preventing empty values and accidental leakage in the environment.

When should I use mise [env] instead of doppler run?

Use mise [env] for per-directory, persistent credential configurations or multi-account GitHub setups. Use doppler run for CI, single-command scopes, or when you want credentials cleared after command execution.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational
doppler-workflows skill by terrylica/cc-skills | VeilStrat