Doppler API Key

Bridgecrew Policy ID: BC_GIT_36
Chekov Check ID: CKV_SECRET_36
Severity: LOW

Doppler API Key

Description

The API uses Doppler tokens to authenticate requests. You can generate and manage your tokens in the dashboard on the Tokens page. Tokens carry many privileges, so be sure to keep them secure! Do not store your secret tokens in an .env file or share them in publicly accessible areas such as GitHub, client-side code, etc. Personal and CLI tokens can both read and write in a workspace and service tokens are read-only in a single configuration.

Fix - Buildtime

Doppler

curl --request POST \
     --url https://api.doppler.com/v3/auth/revoke \
     --header 'Accept: application/json' \
     --header 'Content-Type: application/json' \
     --data '
{
     "token": "<YOUR TOKEN>"
}
'