Doppler is a secrets management platform that helps developers organize and sync environment variables across teams and infrastructure.
Doppler is a secrets management platform that helps developers organize and sync environment variables across teams and infrastructure. On Nagent, Doppler is exposed as a fully-configurable developer tools integration that any agent can call — 62 actions, and API key authentication. No code is required to wire Doppler into your workflow — connect it once via the External Integrations panel and reuse it across every agent you build.
Agent builders use Doppler to automate the kinds of tasks developer tools teams previously handled manually. Concrete examples — each one is a single agent step in Nagent — include:
Every action and trigger is paired with a structured input/output schema (visible in the sections below), so when you wire Doppler into Helix — our agentic agent builder — the editor knows exactly what each step expects and produces. Configure once, deploy anywhere across your Nagent agents.
Every operation an agent can call against Doppler, with input parameters and output schema. Drop these into any step of an agent built in Helix.
DOPPLER_ACTIVITY_LOGS_LISTList workplace activity logs with pagination support. Retrieves a paginated list of activity logs showing actions performed by users and bots in your Doppler workplace, such as creating projects, modifying secrets, generating tokens, and other workspace events. Each log entry includes details about the actor, timestamp, and affected resources. Use this tool when you need to audit workplace activity, track changes, or investigate who performed specific actions.
Input parameters
Page number for pagination (default: 1)
Number of items per page (default: 20)
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
DOPPLER_ACTIVITY_LOGS_RETRIEVERetrieve detailed information about a specific activity log entry. Activity logs track all actions performed in the Doppler workplace including project creation, secret modifications, user actions, etc. Use the List Activity Logs action to discover available log IDs.
Input parameters
The Activity Log's unique identifier. Obtain log IDs from the List Activity Logs action.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
DOPPLER_ADD_WEBHOOKTool to create a new webhook for a Doppler project. Use when you need to configure webhook notifications for secret changes or other events in a project. The webhook URL must use HTTPS. Optionally configure authentication, specific configs to monitor, custom payload templates, or request signing secrets.
Input parameters
The webhook URL. Must be https for security.
Secret key for webhook request signing verification. See: https://docs.doppler.com/docs/webhooks#verify-webhook-with-request-signing
Custom JSON payload template. See: https://docs.doppler.com/docs/webhooks#default-payload
The project's name or slug identifier
Authentication configuration for the webhook.
Config slugs that the webhook should be enabled for. If not specified, webhook applies to all configs.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
DOPPLER_AUTH_METool to retrieve information about the authenticated user or token. Use when you need to verify authentication status or get details about the current token's workplace and permissions.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
DOPPLER_CONFIG_LOGS_GETTool to retrieve a specific config log from Doppler. Use when you need to view details about a particular configuration change or event.
Input parameters
Unique identifier for the log object.
Name of the config object.
Unique identifier for the project object.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
DOPPLER_CONFIG_LOGS_LISTTool to retrieve configuration change logs for a specific config in a project. Use when you need to view the history of configuration changes, track who made changes, or identify rollback actions.
Input parameters
Page number for pagination.
Name of the config object.
Unique identifier for the project object.
Number of items per page for pagination.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
DOPPLER_CONFIG_LOGS_ROLLBACKTool to rollback a config to a selected log version. Use when needing to undo a specific change by its log ID, after confirming project, config, and log ID.
Input parameters
The Config Log ID to roll back
Name of the config where the log occurred
Unique identifier of the project containing the config
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
DOPPLER_CONFIGS_CLONETool to clone a branch config including all its secrets. Use after confirming the source config details.
Input parameters
Name for the new cloned config. This will create a new branch config with all secrets from the source config.
Name of the branch config to clone (must be a non-root config).
Unique identifier of the project where the source config resides.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
DOPPLER_CONFIGS_CREATETool to create a branch config. Use when you need to programmatically establish a new branch-based configuration for a specified project and environment. The config name MUST start with the environment identifier followed by an underscore (e.g., 'dev_feature' for dev environment). Use after selecting the target project and environment.
Input parameters
Unique name for the new branch config. MUST start with the environment identifier followed by an underscore (e.g., 'dev_' for dev environment, 'prd_' for prd environment)
Identifier of the project to which this config will belong
Identifier of the environment to which this config will belong
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
DOPPLER_CONFIGS_DELETETool to delete a config permanently. Use when you need to remove a config that is no longer needed.
Input parameters
Name (slug) of the config to delete.
Unique identifier (slug) of the project that contains the config.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
DOPPLER_CONFIGS_GETTool to retrieve a specific Doppler config by project and config name. Use when you need to get configuration details for a specific project environment.
Input parameters
Name of the config object.
Unique identifier for the project object.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
DOPPLER_CONFIGS_LISTTool to list configurations from a Doppler project. Use when you need to retrieve all configs or filter by environment. Supports pagination for large result sets.
Input parameters
Page number for pagination. Defaults to 1.
The project's name from which to list configs. This is a required parameter.
Number of items to return per page. Defaults to 20.
The environment from which to list configs. If not specified, configs from all environments will be listed.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
DOPPLER_CONFIGS_LOCKLock a Doppler config to prevent it from being renamed or deleted. Locking provides protection against accidental modifications to critical configurations. Use this after confirming the correct project and config identifiers.
Input parameters
Name of the config to lock. This is the config name, not the slug.
Unique identifier for the project containing the config to lock.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
DOPPLER_CONFIGS_UNLOCKTool to unlock a config. Use when you need to allow renaming or deletion of a previously locked config.
Input parameters
Name of the config to unlock. Required unless using a Service Token.
Unique identifier for the project. Required unless using a Service Token.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
DOPPLER_CONFIGS_UPDATERename an existing Doppler config within a project. This action modifies the config's name while preserving all secrets and settings. Before using this action: 1. Use DOPPLER_PROJECTS_LIST to get the project identifier 2. Use DOPPLER_CONFIGS_LIST to verify the config exists and get its current name 3. Ensure the new name is unique within the project Note: Root configs and locked configs cannot be renamed.
Input parameters
New name for the config. Must be unique within the project. Config names typically follow the pattern: <environment>_<name> (e.g., 'dev_api', 'prd_backend').
Current name of the config to rename. Must be an existing config in the specified project. Use DOPPLER_CONFIGS_LIST to find available configs.
Unique identifier for the project that the config belongs to. Use the project slug/name from DOPPLER_PROJECTS_LIST.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
DOPPLER_CREATE_ENCRYPTEDCreate a Doppler Share link for an end-to-end encrypted secret. This tool generates a secure, shareable link where the secret is encrypted client-side and decrypted in the recipient's browser, ensuring Doppler never has access to the plaintext. Use this when you need to securely share sensitive information (API keys, passwords, credentials) with controlled expiration. The secret must be pre-encrypted using AES-256-GCM with PBKDF2-SHA256 key derivation before calling this tool. Security features: - End-to-end encryption: Secret is never exposed to Doppler's servers - Configurable expiration: Set limits on views (1-50 or unlimited) and days (1-90) - Password-protected: Recipients must enter the correct password to decrypt
Input parameters
Number of days until the share link expires. Valid range: 1-90 days. Defaults to 1 day if not specified. The link will be automatically deleted after this period.
Maximum number of times the share link can be viewed before expiring. Valid range: 1-50, or -1 for unlimited views. Defaults to 1 if not specified. Use -1 for links that should not expire based on view count.
Key derivation function used for encryption. Must be 'pbkdf2' (PBKDF2-SHA256). This value is required by Doppler's API specification for encrypted shares.
SHA256 hash of the password (hex-encoded, 64 characters). Important: Hash the password itself, NOT the derived encryption key. The API uses this to verify the password when recipients access the share link.
Base64 encoded AES-256-GCM encrypted secret payload. Format: base64(salt + IV + ciphertext), where salt is 16 bytes, IV is 12 bytes, and ciphertext includes the authentication tag. The secret is encrypted with a 256-bit key derived from the password via PBKDF2-SHA256.
PBKDF2 iteration count for key derivation. Must be exactly 1000000 (1 million iterations) as required by Doppler's API specification. This provides strong key stretching security.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
DOPPLER_CREATE_PLAINTool to generate a Doppler Share link by sending a plain text secret. Use when you need to securely share secrets with expiration controls. The secret is not stored in plain text by Doppler; the receive flow is end-to-end encrypted where the encrypted secret is decrypted in the browser.
Input parameters
The plain text secret to share. This will be encrypted in the browser during the receive flow.
Number of days before link expires. Valid range: 1-90 days. If not specified, uses Doppler default.
Number of views before link expires. Valid values: 1-50 for limited views, or -1 for unlimited views. If not specified, uses Doppler default.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
DOPPLER_CREATE_SERVICE_TOKENTool to create a new service token for a Doppler config. Use when you need to generate API credentials for services to access secrets programmatically. The token grants either read-only or read/write access to the specified config. Store the returned token key securely as it cannot be retrieved later.
Input parameters
Name of the service token.
Token's capabilities - either 'read' for read-only access or 'read/write' for full access.
Name of the config object.
Unique identifier for the project object.
Unix timestamp (seconds since epoch) as a string when the token should expire (e.g., '1735689599' for 2024-12-31 23:59:59 UTC). If not provided, token will not expire.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
DOPPLER_DELETE_SERVICE_TOKENTool to delete an existing service token from a Doppler config. Use when you need to revoke or remove a service token that is no longer needed.
Input parameters
The slug of the service token to delete.
The token value to delete.
Name of the config object.
Unique identifier for the project object.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
DOPPLER_DELETE_WEBHOOKTool to delete an existing webhook. Use when you need to permanently remove a webhook from a project.
Input parameters
Webhook's slug identifier to delete.
The project's name to filter webhooks. Optional parameter to specify which project the webhook belongs to.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
DOPPLER_DISABLE_WEBHOOKTool to disable an existing Doppler webhook. Use when you need to temporarily stop a webhook from receiving notifications without deleting it.
Input parameters
Unique identifier (slug) of the webhook to disable.
The project's name. Optional - if not provided, the webhook will be disabled across all projects.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
DOPPLER_DYNAMIC_SECRETS_REVOKE_LEASERevoke a dynamic secret lease immediately before its TTL expires. Use this tool when you need to terminate access to a dynamic secret (e.g., AWS IAM user, database credentials) by invalidating its active lease. This is useful for security purposes when access should be revoked before the natural expiration time. Prerequisites: The lease must have been previously issued via the secrets list or download endpoints with include_dynamic_secrets=true.
Input parameters
Unique identifier of the lease to revoke. This is obtained when issuing a lease via the secrets list/download endpoints with include_dynamic_secrets=true.
Name or slug of the config containing the dynamic secret. This is the environment config (e.g., 'dev', 'prd', 'stg') where the dynamic secret is defined.
Unique identifier for the project (e.g., 'backend-api', 'my-project'). Required unless using a Service Token that is already scoped to a specific project.
Name of the dynamic secret for which to revoke the lease. Dynamic secret names are typically in uppercase with underscores (e.g., 'AWS_IAM_USER', 'DB_CREDENTIALS').
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
DOPPLER_ENABLE_WEBHOOKTool to enable a previously disabled webhook. Use when you need to reactivate a webhook that was temporarily disabled.
Input parameters
Webhook's unique slug identifier.
The project's name. Optional parameter to specify which project the webhook belongs to.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
DOPPLER_ENVIRONMENTS_CREATECreate a new environment in a Doppler project. Environments (like dev, staging, prod) organize different configurations within a project. Use this when you need to set up a new deployment environment for secrets management. Each environment requires a unique slug within the project.
Input parameters
Display name for the new environment
URL-friendly identifier for the environment (e.g., 'dev', 'staging', 'prod')
Project identifier (slug) to associate the new environment with
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
DOPPLER_ENVIRONMENTS_DELETETool to delete an environment. Use when you need to remove an environment from a project after confirming it's no longer in use.
Input parameters
Name of the project containing the environment to delete.
Slug of the environment to delete (e.g., 'production').
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
DOPPLER_ENVIRONMENTS_GETRetrieves detailed metadata for a specific Doppler environment within a project. Use this to get information about an environment including its name, creation date, first fetch timestamp, and personal configs setting. You must provide both the project slug and environment slug.
Input parameters
The project slug (unique identifier) containing the environment.
The environment slug to retrieve (e.g., 'dev', 'stg', 'prd').
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
DOPPLER_ENVIRONMENTS_LISTTool to list all environments in a Doppler project. Use when you need to retrieve the environments available in a specific project.
Input parameters
The project's name. This is the unique identifier for the Doppler project whose environments you want to list.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
DOPPLER_ENVIRONMENTS_RENAMERename an environment's display name within a Doppler project. This updates only the human-readable name; the environment slug remains unchanged. Use this when you need to update how an environment appears in the UI without affecting its identifier.
Input parameters
New display name for the environment.
Identifier of the project containing the environment to rename.
Slug (unique identifier) of the environment to rename. Common values include 'dev', 'stg', 'prd'.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
DOPPLER_GET_WEBHOOKTool to retrieve an existing webhook by its slug. Use when you need to get webhook details including URL, authentication settings, enabled status, and payload configuration.
Input parameters
Webhook's slug (uses webhook ID)
The project's name (required for retrieving webhook details)
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
DOPPLER_GET_WORKPLACE_USERTool to retrieve a specific workplace user by their workplace_user id. Use when you need to get detailed information about a workplace user including their access level, creation date, and nested user details.
Input parameters
The workplace_user id (not the nested user.slug). This is the 'id' field returned from the DOPPLER_USERS_LIST endpoint response (e.g., 'ca182cb0-7d87-4dad-a6d6-97124fb0c264')
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
DOPPLER_GROUPS_DELETE_MEMBERRemove a member from a Doppler group. This permanently removes the specified member (workplace_user, group, invite, or service_account) from the group. Requires valid group and member slugs. Returns 204 status code on success.
Input parameters
Unique UUID identifier of the group from which to remove the member (must be a valid UUID format)
Member type. Must be one of: 'workplace_user' (individual users), 'group' (user groups), 'invite' (pending invitations), or 'service_account' (service accounts)
Unique slug identifier of the member to remove from the group. This should match the slug of a workplace_user, group, invite, or service_account depending on the type specified
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
DOPPLER_INTEGRATIONS_LISTTool to retrieve all existing integrations in Doppler. Use when you need to list all configured integrations.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
DOPPLER_INVITES_LISTTool to list open workplace invites. Use when you need to retrieve all pending invitations for the current Doppler workplace after authenticating.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
DOPPLER_LIST_CHANGE_REQUESTSList existing change requests in the Doppler workplace. Use this tool to retrieve all change requests and view their current status. Change requests are a workflow-driven mechanism for proposing additions, modifications, or deletions of values stored in Doppler, which require review and approval from authorized team members. Note: This feature requires a Team or Enterprise plan. Attempting to use this endpoint with a Free or Starter plan will result in a 403 Forbidden error.
Input parameters
Page number for pagination. Defaults to 1.
Number of items to return per page. Defaults to 20.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
DOPPLER_LIST_PROJECT_MEMBERSTool to list all members of a Doppler project including users, groups, service accounts, and invites. Use when you need to retrieve all members with their roles and environment access permissions for a specific project.
Input parameters
Page number for pagination. Use this to navigate through multiple pages of results.
Project slug identifier for which to list members.
Number of items to return per page. Controls how many members are returned in a single request.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
DOPPLER_LIST_SERVICE_TOKENSTool to list all service tokens for a specific Doppler config. Use when you need to view existing API credentials and their access levels.
Input parameters
Name of the config object.
Unique identifier for the project object.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
DOPPLER_LIST_USERSTool to list all users in the Doppler workplace. Use when you need to retrieve user information, check user access levels, or filter users by email address.
Input parameters
The page of users to fetch. Use this to navigate through multiple pages of results.
Filter results to only include the user with the provided email address.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
DOPPLER_LIST_WEBHOOKSTool to list all webhooks configured for a Doppler project. Use when you need to retrieve all webhooks or check webhook configurations for a specific project.
Input parameters
The project's name (slug) to list webhooks for. This is a required parameter.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
DOPPLER_PROJECT_MEMBERS_DELETETool to remove a member from a project. Use after confirming project slug, member type, and slug.
Input parameters
Member slug identifier (UUID format for workplace_user) to remove from the project.
Member type: 'workplace_user', 'group', 'invite', or 'service_account'.
Project slug identifier from which to remove the member.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
DOPPLER_PROJECT_MEMBERS_GETRetrieve a specific project member's details including their role and environment access permissions. Use this when you need to check a specific user's, group's, service account's, or invite's membership settings in a project. Requires the project slug, member type (workplace_user/group/invite/service_account), and member slug (UUID).
Input parameters
Unique identifier (UUID) of the member to retrieve.
Member type. Must be one of: 'workplace_user' (individual workspace member), 'group' (member group), 'invite' (pending invitation), or 'service_account' (automated service account).
Project slug identifier to which the member belongs.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
DOPPLER_PROJECT_PERMISSIONS_LISTList all available project-level permissions in Doppler. Returns permission identifiers (slugs) that can be assigned to project roles when creating or updating custom roles. Use this to discover what permissions are available before configuring project role access.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
DOPPLER_PROJECT_ROLES_GETRetrieve detailed information about a specific project role in Doppler, including its permissions, display name, identifier, creation timestamp, and whether it's a custom or built-in role. Use this to understand what permissions a role grants before assigning it to users or groups.
Input parameters
The role's unique identifier. Built-in roles include: 'admin' (full access), 'collaborator' (read/write), 'viewer' (read-only), and 'no_access' (no permissions). Custom roles can also be specified by their identifier.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
DOPPLER_PROJECT_ROLES_LISTTool to list all available project roles in Doppler. Use when you need to retrieve all roles for permission management or to see what roles are available.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
DOPPLER_PROJECTS_CREATETool to create a project. Use when you need to programmatically initialize a new Doppler project after authentication.
Input parameters
Project name. Recommended hyphen-separated lowercase. Must be 2-80 characters.
Optional project description.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
DOPPLER_PROJECTS_DELETETool to delete a project permanently. Use after confirming irreversible removal.
Input parameters
Unique identifier (name/slug) of the project to delete.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
DOPPLER_PROJECTS_GETTool to retrieve details of a specific Doppler project by its identifier. Use when you need to get project metadata including ID, slug, name, description, and creation timestamp.
Input parameters
Unique identifier for the project object.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
DOPPLER_PROJECTS_LISTTool to list all Doppler projects in your workspace. Use when you need to retrieve available projects for configuration management or to get project details.
Input parameters
Page number for pagination. Use this to navigate through multiple pages of results.
Number of items to return per page. Controls how many projects are returned in a single request.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
DOPPLER_SECRETS_DELETETool to delete a secret from a Doppler config. Use when you need to permanently remove a secret from a specific project and config.
Input parameters
Name of the secret to delete.
Name of the config object.
Unique identifier for the project object.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
DOPPLER_SECRETS_DOWNLOADTool to download secrets from a Doppler config in various formats. Use when you need to retrieve all secrets or a subset of secrets from a specific project and config. Supports multiple output formats and name transformations.
Input parameters
Name of the config object. Not required if using a Service Token.
Format for the downloaded secrets. Defaults to 'json'.
Unique identifier for the project object. Not required if using a Service Token.
Comma-delimited list of secrets to include in the download (e.g., 'API_KEY,DATABASE_URL'). Defaults to all secrets if left unspecified.
Transform secret names to a different case. If not specified, secret names remain unchanged.
The number of seconds until dynamic leases expire. Must be used with `include_dynamic_secrets`. Defaults to 1800 (30 minutes) if not specified.
Whether or not to issue leases and include dynamic secret values for the config. Defaults to false if not specified.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
DOPPLER_SECRETS_GETTool to retrieve a specific secret from a Doppler project config. Use when you need to get the value of a specific secret including its raw and computed values.
Input parameters
Name of the secret to retrieve.
Name of the config object (e.g., dev, staging, production).
Unique identifier for the project object.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
DOPPLER_SECRETS_LISTTool to list all secrets for a specific Doppler config within a project. Use when you need to retrieve secret values and metadata. Returns both raw and computed values for each secret, along with visibility settings and optional notes.
Input parameters
Name of the config object.
Unique identifier for the project object.
The number of seconds until dynamic leases expire. Must be used with `include_dynamic_secrets`. Defaults to 1800 (30 minutes) if not specified.
Whether or not to issue leases and include dynamic secret values for the config. Defaults to false if not specified.
Whether to include Doppler's auto-generated (managed) secrets. Defaults to true if not specified.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
DOPPLER_SECRETS_NAMESTool to retrieve the list of secret names from a specific Doppler config. Use when you need to list available secret names without their values.
Input parameters
Name of the config object.
Unique identifier for the project object.
Whether or not to issue leases and include dynamic secret values for the config
Whether to include Doppler's auto-generated (managed) secrets
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
DOPPLER_SECRETS_UPDATETool to update secrets in a Doppler config. Use when you need to create or update secret values in a specific project and config.
Input parameters
Name of the config object.
Unique identifier for the project object.
Object of secrets you would like to save to the config. Key-value pairs where keys are secret names and values are secret values. Either 'secrets' or 'change_requests' is required (can't use both).
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
DOPPLER_SECRETS_UPDATE_NOTETool to update a note for a secret in Doppler. Use when you need to add or modify documentation for a specific secret. Notes are stored at the project level and apply across all environments, though a config parameter is required for the API call. Notes help document secret usage, provide context, or store reference links.
Input parameters
The note you want to set on the secret. This note will be applied to the specified secret across all environments in the project.
Name of the config where the secret is located. This parameter is required by the API even though notes are stored at the project level.
The name of the secret to update the note for.
Unique identifier for the project object where the secret resides.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
DOPPLER_UPDATE_PROJECTTool to update an existing Doppler project's name or description. Use when you need to rename a project or modify its description after it has been created.
Input parameters
New name for the project. Recommended hyphen-separated lowercase. Must be 2-80 characters.
Unique identifier for the project object. This is the current project name/slug.
Optional updated description for the project.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
DOPPLER_UPDATE_SECRET_NOTEDEPRECATED: Use DopplerSecretsUpdateNote instead. Tool to set or update a note for a secret in Doppler. Use when you need to add or modify documentation for a specific secret. Notes are stored at the project level and apply across all environments.
Input parameters
The note to set on the secret, applied at project level across all environments.
Config identifier. Required despite being marked as deprecated in the API documentation. Notes are applied at the project level across all environments.
The name of the secret to update the note for.
Unique identifier for the project object where the secret resides.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
DOPPLER_UPDATE_WEBHOOKTool to update an existing webhook configuration in Doppler. Use when you need to modify webhook URL, authentication, enabled configs, or other webhook settings.
Input parameters
The webhook URL. Must be https
Unique identifier (slug) of the webhook to update
Secret used for request signing to verify webhook authenticity. See: https://docs.doppler.com/docs/webhooks#verify-webhook-with-request-signing
Custom JSON payload for the webhook. See: https://docs.doppler.com/docs/webhooks#default-payload
The project's name
Config slugs that the webhook should be enabled for
Authentication configuration for the webhook.
Config slugs that the webhook should be disabled for
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
DOPPLER_UPDATE_WORKPLACETool to update workplace settings in Doppler. Use when you need to modify workplace name, billing email, or security email. At least one field must be provided to update.
Input parameters
Workplace name to update
Billing email address for the workplace
Security email address for the workplace
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
DOPPLER_WORKPLACE_GETTool to retrieve workplace information from Doppler. Use when you need to get workplace details including ID, name, billing email, and security email.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
DOPPLER_WORKPLACE_ROLES_GETTool to retrieve workplace role information from Doppler. Use when you need to get details about a specific role including its permissions and metadata.
Input parameters
The role's unique identifier. Common built-in values include 'owner', 'admin', 'collaborator'. Custom role identifiers are also supported.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
DOPPLER_WORKPLACE_ROLES_LISTTool to list all workplace roles in your Doppler workspace. Use when you need to retrieve available workplace roles for user management or permission configuration.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
DOPPLER_WORKPLACE_ROLES_LIST_PERMISSIONSRetrieves all available workplace permissions in Doppler. This action returns a comprehensive list of permission identifiers that can be assigned to workplace roles. Workplace permissions control access to organization-level features such as billing, team management, service accounts, integrations, audit logs, and other workplace settings. Use this action when you need to: - View all available permissions for workplace role configuration - Understand what permissions can be assigned to custom workplace roles - Audit the permission system capabilities in your Doppler workplace No parameters are required. This is a read-only, idempotent operation.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
No publicly available marketplace agent is found using this tool yet. There are 72 agents privately built on Nagent that already use Doppler.
Build on Nagent
Connect Doppler to any Nagent agent in minutes — no API key management, no boilerplate. Just configure and deploy.
The five questions agent builders ask before adopting a new integration.
Open the External Integrations panel inside Nagent (app.nagent.ai/externalIntegration), find Doppler, and click "Connect Now." You'll authenticate with an API key — Nagent handles credential storage and refresh automatically. Once connected, Doppler is available to any agent in your workspace.
No. Nagent provides no-code integration for every tool. Once Doppler is connected, you configure its 62 actions directly in the agent builder UI — no API calls, no boilerplate, no schema management.
Helix — Nagent's agentic agent builder — lets you drop Doppler steps into any workflow visually. Pick an action (e.g., one of those listed above), fill in the inputs (Helix knows the required vs. optional schema for each parameter), and connect it to upstream/downstream steps. Triggers run as the entry point of an agent, so when a Doppler event fires, the agent kicks off automatically.
Every Doppler action and trigger ships with a fully-typed schema — input parameters with name, type, required flag, and description, plus the output payload shape. The schemas are documented in the sections above. Helix uses these schemas to validate your configuration at build time and to type-check the data flowing between steps.
Yes. While Doppler ships with 62 pre-built developer tools actions, you can layer custom logic around them inside Helix — pre/post-processing steps, conditional branches, retries, or stitching Doppler together with other connected tools. For deeper customization, talk to our team about Nagent's Agentic AI Lab — forward-deployed engineers who build Doppler-based workflows tailored to your business.