doppler-workflows

Installs: 60
Rank: #12502

Install

npx skills add https://github.com/terrylica/cc-skills --skill doppler-workflows

Doppler Credential Workflows Quick Reference

When to use this skill:

- Publishing Python packages to PyPI
- Rotating AWS access keys
- Managing credentials across multiple services
- Troubleshooting authentication failures (403, InvalidClientTokenId)
- Setting up Doppler credential injection patterns
- Multi-token/multi-account strategies

Core Pattern: Doppler CLI

Standard Usage:

doppler run --project --config --command=''

Why --command flag:

- Official Doppler pattern (auto-detects shell)
- Ensures variables expand AFTER Doppler injects them
- Without it: shell expands $VAR before Doppler runs → empty string

Quick Start Examples

PyPI Publishing

doppler run --project claude-config --config dev \
  --command='uv publish --token "$PYPI_TOKEN"'

AWS Operations

doppler run --project aws-credentials --config dev \
  --command='aws s3 ls --region $AWS_DEFAULT_REGION'
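The expansion-timing point under "Why --command flag", together with the ${#VAR} length check listed under Best Practices, as an added example that is not part of the skill. It runs offline: fake_run is a hypothetical stand-in for doppler run --command, and the token value is constructed.

```shell
#!/bin/sh
# Added example, not from the skill. fake_run is a hypothetical stand-in for
# `doppler run --command`: it places a constructed PYPI_TOKEN in a child
# shell's environment and lets that child expand the command string.
CONSTRUCTED_TOKEN='pypi-CONSTRUCTED-not-a-real-token'

fake_run() {
    env PYPI_TOKEN="$CONSTRUCTED_TOKEN" sh -c "$1"
}

# Single quotes: the string reaches the child unexpanded, so ${#PYPI_TOKEN}
# is evaluated after injection.
late_len() {
    ( unset PYPI_TOKEN
      fake_run 'printf "%s" "${#PYPI_TOKEN}"' )
}

# Double quotes: the calling shell, where PYPI_TOKEN is unset, expands the
# variable while building the string. The child only sees the result.
early_len() {
    ( unset PYPI_TOKEN
      fake_run "printf '%s' '${#PYPI_TOKEN}'" )
}

# Guard to prepend to a command string: fails closed when the variable is
# empty and reports only its length, never its value.
GUARD='[ "${#PYPI_TOKEN}" -gt 0 ] || { echo "PYPI_TOKEN is empty" >&2; exit 1; }'

# Under injection the guard passes and the command after it runs.
guarded_with_injection() {
    ( unset PYPI_TOKEN
      fake_run "$GUARD; printf 'publishing with a %s-char token' \"\${#PYPI_TOKEN}\"" )
}

# With nothing injected the guard stops the command (non-zero exit status).
guarded_without_injection() {
    ( unset PYPI_TOKEN
      sh -c "$GUARD; echo 'should not reach here'" 2>/dev/null )
}

echo "single-quoted command string: token length $(late_len)"
echo "double-quoted command string: token length $(early_len)"
```

The double-quoted case fails silently with an empty token, which is why the guard checks the length inside the injected command instead of in the calling shell.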

Best Practices

- Always use --command flag for credential injection
- Use project-scoped tokens (PyPI) for better security
- Rotate credentials regularly (90 days recommended)
- Document with Doppler notes: doppler secrets notes set ""
- Use stdin for storing secrets: echo -n 'secret' | doppler secrets set
- Test injection before using: echo ${#VAR} to verify length
- Multi-token naming: SERVICE_TOKEN_{ABBREV} for clarity

Reference Documentation

For detailed information, see:

- PyPI Publishing - Token setup, publishing, troubleshooting
- AWS Credentials - Rotation workflow, setup, troubleshooting
- Multi-Service Patterns - Multiple PyPI packages, multiple AWS accounts
- AWS Workflow - Complete AWS credential management guide

Bundled Specifications:

- PYPI_REFERENCE.yaml - Complete PyPI spec
- AWS_SPECIFICATION.yaml - AWS credential architecture

Using mise [env] for Local Development (Recommended)

For local development, mise [env] provides a simpler alternative to doppler run:

# .mise.toml
[env]
# Fetch from Doppler with caching for performance
PYPI_TOKEN = "{{ cache(key='pypi_token', duration='1h', run='doppler secrets get PYPI_TOKEN --project claude-config --config prd --plain') }}"

# For GitHub multi-account setups
GH_TOKEN = "{{ read_file(path=env.HOME ~ '/.claude/.secrets/gh-token-accountname') | trim }}"

When to use mise [env]:

- Per-directory credential configuration
- Multi-account GitHub setups
- Credentials that persist across commands (not session-scoped)

When to use doppler run:

- CI/CD pipelines
- Single-command credential scope
- When you want credentials auto-cleared after command

See mise-configuration skill for complete patterns.

PyPI Publishing Policy

For PyPI publishing, see pypi-doppler skill for LOCAL-ONLY workspace policy.

Do NOT configure PyPI publishing in GitHub Actions or CI/CD pipelines.
