We use Doppler as the single source of truth for sensitive configuration across environments.
Secrets stored in Doppler are automatically injected into the app at runtime and mapped to configuration keys via custom-environment-variables.yml.
-
Sign in to Doppler
Log in at https://dashboard.doppler.com with the Platform team's credentials. -
Select the flask-react-template project
Theflask-react-templateproject centralizes secrets for the full stack (frontend + backend). -
Choose an environment
- preview – Used by PR preview builds.
- production – Live environment.
-
Add or edit secrets
- Click “Secrets” → “Add Secret”.
- Enter the key exactly as referenced in
custom-environment-variables.yml. - Provide the value and save.
-
Deploy
The next deployment will pick up the new secret automatically.
custom-environment-variables.yml maps a config path to an env-var name (the Doppler key).
Example fragment:
mongodb:
uri: 'MONGODB_URI'
demo:
host: 'DEMO_HOST'
port:
__name: 'DEMO_PORT'
__format: 'number'| Doppler Secret | Overrides Config Key | Notes |
|---|---|---|
MONGODB_URI |
mongodb.uri |
String value |
DEMO_HOST |
demo.host |
String value |
DEMO_PORT |
demo.port (as number) |
Cast to number via __format: number |
Empty or unset secrets are ignored and fallback to the value defined in the corresponding YAML config.
- Never commit secrets to the repository.
- Use preview for testing; production secrets should be tightly controlled.
- Remove deprecated keys promptly to avoid confusion.
- If you add a new mapping in
custom-environment-variables.yml, remember to create the matching secret in Doppler for every active environment.