Skip to main content

About Doppler

Iru calls the Doppler API with a Bearer token (Service Token or Personal Token). Evidence includes projects, environments, secret metadata (names, versions, change history), and team structure. Iru does not retrieve or store plaintext secret values - only metadata needed for compliance visibility.

How It Works

Authorization: Bearer YOUR_TOKEN
DetailValue
CategorySecrets management
AuthenticationBearer token (Service or Personal)
  • Service Token: Scoped to a specific project and config; use for narrow audits.
  • Personal Token: Follows your user’s access across projects; use for org-wide visibility.
Official references: Authentication, API reference, and API tokens.

Prerequisites

  • Doppler access to the projects and environments your program covers.

Connect Doppler to Iru

Complete this tab before you connect the source in Compliance.
1

Sign in to Doppler

Open the Doppler dashboard and sign in with a user who can create API tokens for the workplace or project Iru will read.
2

Open the API tokens screen

Navigate to API for your workplace (URL pattern similar to https://dashboard.doppler.com/workplace/api).
3

Generate a token

Select Generate Token (or Create token) to open the creation form.
4

Name the token

Enter a label such as Iru Compliance so you can revoke the correct credential during audits.
5

Choose Service vs Personal token

Pick Service Token when you want a narrow, project/config-scoped secret, or Personal Token when the integration should inherit your user access. Align the choice with least-privilege policy.
6

Generate, copy, and store the value

Generate the token and copy it once. Doppler shows it only at creation. Tokens do not expire unless revoked; keep them in a secrets manager until you paste into Iru Compliance.
Continue on the Iru Compliance tab.

Troubleshooting

Check pop-up blocker settings for the Iru site and try again.
No extra spaces; confirm the token was not revoked in Doppler.
Service Tokens are single-project - use a Personal Token or additional scoped tokens per project.
Revoke in Doppler, issue a new token, update Iru.

Considerations

If a Personal Token’s user loses workspace access,…

If a Personal Token’s user loses workspace access, the token stops working - reconnect with an active account.

Sources Management

Browse and manage every Compliance source.

Getting Started With Compliance

Frameworks, actions, and Artifacts.

Iru Overview

How Endpoint, Compliance, and Identity fit together.

Artifacts Management

Upload, review, and organize evidence from sources and actions.