[FEATURE] Multiple project and config access at once through a single token or command line

[Grraahaam]

Is your feature request related to a problem? Please describe.

Today, AKAIK there's no easy way to run Doppler's CLI in a monorepo with multiple services divided into multiple Doppler projects, e.g. doppler run -- docker-compose up -d ...

• https://docs.doppler.com/docs/install-cli#project-setup
• https://docs.doppler.com/docs/docker-compose (useful, great doc, but still a bit hacky IMO)
  • https://docs.doppler.com/docs/docker-compose#option-1-dockerfile
  • Seems to be the only way to inject secrets from different Doppler project but it means : changing all the existing Dockerfile (e.g. to add a "doppler setup" stage)
  • https://docs.doppler.com/docs/docker-compose#option-2-container-env-vars (great doc! But..)
  • Doesn't seems to support injection from multiple tokens/projects 🤔
• https://community.doppler.com/t/docker-compose-monorepo-usage/667/2
• https://community.doppler.com/t/monorepo-access-token-setup-tedious/599

Imagine a monorepo with three services (pretty common) controlled by docker-compose :

• frontend
• backend
• database

I have a Doppler project for each of the above services (best practice?) and I can't easily find a way without refactoring the code (e.g. Dockerfile) to inject my secrets within when running docker-compose

Describe the solution you'd like

Doppler monorepo best practices support/documentation

Describe alternatives you've considered

1. Maybe adaptation of the API/CLI (I presume, to generate tokens bound to multiple projects) and corresponding dashboard/CLI option to generate access token to multiple projects, bound to a single config (otherwise it won't make sense 🙃 )
2. Or just a feature in the CLI that could loop through a list of projects/configs (structure defined below) and inject all of those secrets at once when running doppler run -- <command>

For the token structure, the token xxxx-xxxxxxxxxxxxxxx-xxxxxxx points to three different Doppler projects (<project-name>:<config>) :

• project-one:dev
• project-three:dev
• project-four:prd

When requesting the secrets with this token, I'd like to get all the secrets of the above projects (from their respective configs), making it mono-repo friendly by allowing the user to easily inject multiple Doppler projects secrets into a single app (made of multiple services)

⚠️ There might be a conflict between same env names, in that case we could either warn the user and block the token creation until he fixes the name duplications or overwrite the value with the latest variable of the same name

For the CLI, here's two suggestions :

Interactive setup

# Allow multiple project selection (e.g. spacebar)
$ doppler setup
"Space to select, Enter to confirm"
> project-one
  project-two
  project-three
> project-four

# Press <ENTER>

# Select a single config per project
$ doppler setup
"Space to select, Enter to confirm"

"Select config for : project-one"
> dev
  stg
  prd
"Select config for : project-four"
  dev
> stg
  prd

And the doppler.yaml repository setup file could look like the following :

setup:
    project: project-global
    config: dev
    projects:
        - project: project-api
          config: dev
          path: ./api
        - project: project-backend
          config: dev
          path: ./backend
        - project: project-frontend
          config: stg
          path: ./frontend

Then, running doppler setup --no-interactive would auto-generate the following entries in ~/.doppler/.dopler.yaml :

scoped:
    /home/user/doppler-demo:
        token: secret-xxxxxxxxxxx-xxxxxxxxxxxx-xxxxxxx
        api-host: https://api.doppler.com
        dashboard-host: https://dashboard.doppler.com
        enclave.project: project-global
        enclave.config: dev
    /home/user/doppler-demo/api:
        token: secret-xxxxxxxxxxx-xxxxxxxxxxxx-xxxxxxx
        api-host: https://api.doppler.com
        dashboard-host: https://dashboard.doppler.com
        enclave.project: project-api
        enclave.config: dev
    /home/user/doppler-demo/backend:
        token: secret-xxxxxxxxxxx-xxxxxxxxxxxx-xxxxxxx
        api-host: https://api.doppler.com
        dashboard-host: https://dashboard.doppler.com
        enclave.project: project-backend
        enclave.config: dev
    /home/user/doppler-demo/frontend:
        token: secret-xxxxxxxxxxx-xxxxxxxxxxxx-xxxxxxx
        api-host: https://api.doppler.com
        dashboard-host: https://dashboard.doppler.com
        enclave.project: project-frontend
        enclave.config: stg

Finally, how to use it in the CLI :

# Only returns the secrets from the filepath scope (e.g. in  /home/user/doppler-demo/api only project-api:dev secrets)
doppler secrets

# Returns all the secrets from the filepath scope and childrens defined in doppler.yaml
doppler secrets --all

# Allowing the user to inject all its secrets in a single simple command
doppler run --all -- docker-compose up -d

---

Inline command

# Get secrets from multiple projects passed inline (':' aren't allowed in the project names so it works as a separator) 
doppler secrets --project project-one:dev,project-two:stg

---

Despite the above, Doppler is great tool! Very handy & convenient, good work! 💪🏽 👏🏽

[Piccirello]

The Doppler CLI now supports specifying multiple configurations in your doppler.yaml file (#394). Let me know if you have any questions!