Doppler is a secrets management platform that helps teams securely manage and sync environment variables across projects and environments.
Doppler is a secrets management platform that helps teams securely manage and sync environment variables across projects and environments. On Nagent, Doppler SecretOps is exposed as a fully-configurable developer tools integration that any agent can call — 29 actions, and API key authentication. No code is required to wire Doppler SecretOps into your workflow — connect it once via the External Integrations panel and reuse it across every agent you build.
Agent builders use Doppler SecretOps to automate the kinds of tasks developer tools teams previously handled manually. Concrete examples — each one is a single agent step in Nagent — include:
Every action and trigger is paired with a structured input/output schema (visible in the sections below), so when you wire Doppler SecretOps into Helix — our agentic agent builder — the editor knows exactly what each step expects and produces. Configure once, deploy anywhere across your Nagent agents.
Every operation an agent can call against Doppler SecretOps, with input parameters and output schema. Drop these into any step of an agent built in Helix.
DOPPLER_SECRETOPS_ACTIVITY_LOGS_LISTTool to list workplace activity logs. Use when you need to fetch recent activity logs.
Input parameters
Page number for pagination (default: 1)
Number of items per page (default: 20)
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
DOPPLER_SECRETOPS_ACTIVITY_LOGS_RETRIEVETool to retrieve a single activity log entry by id. Use when you have a valid Activity Log id.
Input parameters
The Activity Log's unique identifier
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
DOPPLER_SECRETOPS_CONFIG_LOGS_GETTool to retrieve a specific config log entry. Use when needing details of a single config log; call after specifying project, config, and log identifiers.
Input parameters
Unique identifier of the config log to retrieve.
Name of the configuration.
Unique identifier for the project.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
DOPPLER_SECRETOPS_CONFIG_LOGS_LISTTool to list config change logs for a specific config. Use when you need the audit trail for a config after confirming its identity.
Input parameters
Page number for pagination
Name/slug of the config to list logs for
Unique identifier for the project
Number of items per page
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
DOPPLER_SECRETOPS_CONFIG_LOGS_ROLLBACKTool to rollback a config to a selected log version. Use when needing to undo a specific change by its log ID, after confirming project, config, and log ID.
Input parameters
The Config Log ID to roll back
Name of the config where the log occurred
Unique identifier of the project containing the config
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
DOPPLER_SECRETOPS_CONFIGS_CLONETool to clone a branch config including all its secrets. Use after confirming the source config details.
Input parameters
Name of the new cloned config (branch name).
Name of the config to clone (e.g., 'dev', 'stg').
Identifier of the project where the source config resides.
Identifier of the environment of the source config.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
DOPPLER_SECRETOPS_CONFIGS_CREATETool to create a branch config. Use when you need to programmatically establish a new branch-based configuration for a specified project and environment. Use after selecting the target project and environment.
Input parameters
Unique name for the new branch config, e.g., 'dev_feature_branch'
Identifier of the project to which this config will belong
Identifier of the environment to which this config will belong
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
DOPPLER_SECRETOPS_CONFIGS_DELETETool to delete a config permanently. Use when you need to remove a config that is no longer needed.
Input parameters
Name (slug) of the config to delete.
Unique identifier (slug) of the project that contains the config.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
DOPPLER_SECRETOPS_CONFIGS_GETTool to fetch a config's details. Use when you need metadata for a specific config after specifying the project and config names. Example: "Get details for config 'staging-config' in project 'proj-123'."
Input parameters
Name of the config to retrieve. Required unless using a Service Token.
Unique identifier for the project. Required unless using a Service Token.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
DOPPLER_SECRETOPS_CONFIGS_LOCKTool to lock a config. Use when you need to prevent a config from being renamed or deleted after confirming the project and config names. Example: "Lock config 'staging-config' in project 'proj-123' after finalizing environment setup."
Input parameters
Name of the config to lock.
Unique identifier for the project containing the config to lock.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
DOPPLER_SECRETOPS_CONFIGS_UNLOCKTool to unlock a config. Use when you need to allow renaming or deletion of a previously locked config. Example: "Unlock config 'staging-config' in project 'proj-123'."
Input parameters
Name of the config to unlock. Required unless using a Service Token.
Unique identifier for the project. Required unless using a Service Token.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
DOPPLER_SECRETOPS_CONFIGS_UPDATETool to modify an existing config. Use when you need to rename a config after confirming project and config names.
Input parameters
New name for the config.
Name/slug of the existing config to modify.
Unique identifier for the project that the config belongs to.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
DOPPLER_SECRETOPS_DYNAMIC_SECRETS_REVOKE_LEASETool to revoke a dynamic secret lease. Use when you need to invalidate an active lease by its ID after confirming the config and dynamic secret identifiers.
Input parameters
Identifier of the lease to revoke.
Identifier of the config containing the dynamic secret (name or slug).
Project identifier. Required unless using a Service Token scoped to a project.
Identifier of the dynamic secret for which to revoke the lease (name in uppercase, numbers, underscores).
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
DOPPLER_SECRETOPS_ENVIRONMENTS_CREATETool to create a new environment. Use when you need to programmatically create an environment for a specified project.
Input parameters
Display name for the new environment
Optional slug for the environment; if omitted, generated from the name
Project identifier (slug) to associate the new environment with
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
DOPPLER_SECRETOPS_ENVIRONMENTS_DELETETool to delete an environment. Use when you need to remove an environment from a project after confirming it's no longer in use.
Input parameters
Name of the project containing the environment to delete.
Slug of the environment to delete (e.g., 'production').
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
DOPPLER_SECRETOPS_ENVIRONMENTS_GETTool to retrieve an environment. Use when you need metadata for a specific environment after specifying the project and environment slug.
Input parameters
Unique identifier for the project containing the environment.
Slug of the environment to retrieve.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
DOPPLER_SECRETOPS_ENVIRONMENTS_LISTTool to list environments in a Doppler project. Use when you need environment metadata for a specific project after providing the project slug.
Input parameters
Slug identifier of the project to list environments for
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
DOPPLER_SECRETOPS_ENVIRONMENTS_RENAMETool to rename an environment. Use when you need to update an environment's display name after confirming project and environment identifiers.
Input parameters
New display name for the environment.
Identifier of the project containing the environment to rename.
Slug of the environment to rename (e.g., 'production').
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
DOPPLER_SECRETOPS_GROUPS_DELETE_MEMBERTool to remove a member from a group. Use after confirming the group slug and member identifiers.
Input parameters
Slug identifier of the group
Member type (e.g., 'user' or 'team')
Slug identifier of the member to remove
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
DOPPLER_SECRETOPS_INTEGRATIONS_LISTTool to list all external integrations. Use when you need to retrieve all configured external integrations after authentication.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
DOPPLER_SECRETOPS_INVITES_LISTTool to list open workplace invites. Use when you need to retrieve all pending invitations for the current Doppler workplace after authenticating.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
DOPPLER_SECRETOPS_PROJECT_MEMBERS_DELETETool to remove a member from a project. Use after confirming project slug, member type, and slug. Example: "Delete member 'jdoe' of type 'users' from project 'my-project-slug'."
Input parameters
Member slug identifier to delete.
Member type segment in the URL path.
Project slug identifier from which to remove the member.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
DOPPLER_SECRETOPS_PROJECT_MEMBERS_GETTool to retrieve a project member by type and slug. Use after confirming project slug, member type, and slug.
Input parameters
Member slug identifier to retrieve.
Member type segment in the URL path (e.g., 'users', 'service-accounts').
Project slug identifier to which the member belongs.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
DOPPLER_SECRETOPS_PROJECT_PERMISSIONS_LISTTool to list project-level permissions. Use when you need to fetch all available permissions for projects after authentication.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
DOPPLER_SECRETOPS_PROJECT_ROLES_GETTool to retrieve a project role. Use when you need details of a specific project role after authenticating.
Input parameters
Slug identifier of the project role to retrieve
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
DOPPLER_SECRETOPS_PROJECTS_CREATETool to create a project. Use when you need to programmatically initialize a new Doppler project after authentication.
Input parameters
Project name. Recommended hyphen-separated lowercase. Must be 2-80 characters.
Optional project description.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
DOPPLER_SECRETOPS_PROJECTS_DELETETool to delete a project permanently. Use after confirming irreversible removal.
Input parameters
Unique identifier (name/slug) of the project to delete.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
DOPPLER_SECRETOPS_PROJECTS_LISTTool to list Doppler projects. Use when you need to retrieve all projects with optional pagination.
Input parameters
Page number for pagination (1-indexed). Defaults to 1.
Number of projects per page. Defaults to 25, max 100.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
DOPPLER_SECRETOPS_SECRETS_UPDATETool to update secrets in a config. Use when you need to change secret values for deployments.
Input parameters
Identifier of the config whose secrets will be updated. Must reference an existing config; verify existence before calling.
Identifier of the project containing the config.
Mapping of secret names to their new values. Overwrites existing values for matching keys immediately with no confirmation or diff — verify all key names before calling.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
No publicly available marketplace agent is found using this tool yet. There are 47 agents privately built on Nagent that already use Doppler SecretOps.
Build on Nagent
Connect Doppler SecretOps to any Nagent agent in minutes — no API key management, no boilerplate. Just configure and deploy.
The five questions agent builders ask before adopting a new integration.
Open the External Integrations panel inside Nagent (app.nagent.ai/externalIntegration), find Doppler SecretOps, and click "Connect Now." You'll authenticate with an API key — Nagent handles credential storage and refresh automatically. Once connected, Doppler SecretOps is available to any agent in your workspace.
No. Nagent provides no-code integration for every tool. Once Doppler SecretOps is connected, you configure its 29 actions directly in the agent builder UI — no API calls, no boilerplate, no schema management.
Helix — Nagent's agentic agent builder — lets you drop Doppler SecretOps steps into any workflow visually. Pick an action (e.g., one of those listed above), fill in the inputs (Helix knows the required vs. optional schema for each parameter), and connect it to upstream/downstream steps. Triggers run as the entry point of an agent, so when a Doppler SecretOps event fires, the agent kicks off automatically.
Every Doppler SecretOps action and trigger ships with a fully-typed schema — input parameters with name, type, required flag, and description, plus the output payload shape. The schemas are documented in the sections above. Helix uses these schemas to validate your configuration at build time and to type-check the data flowing between steps.
Yes. While Doppler SecretOps ships with 29 pre-built developer tools actions, you can layer custom logic around them inside Helix — pre/post-processing steps, conditional branches, retries, or stitching Doppler SecretOps together with other connected tools. For deeper customization, talk to our team about Nagent's Agentic AI Lab — forward-deployed engineers who build Doppler SecretOps-based workflows tailored to your business.