doppler

apex_utils.doppler

pull_secret cached

pull_secret(*, name: str, project: str = 'apex', config: str = 'prd') -> str

Pull a secret from Doppler.

The secret is first checked in the local environment, and if not found, the secret is pulled from Doppler using the doppler token DOPPLER_SDK_TOKEN.

Parameters:

Name	Type	Description	Default
name	str	The name of the secret to pull.	required
project	str	The project to pull the secret from. Defaults to "apex".	'apex'
config	str	The config to pull the secret from. Defaults to "prd".	'prd'

Returns:

Name	Type	Description
str	str	The value of the secret.

Source code in apex_utils/doppler.py

@cache
def pull_secret(*, name: str, project: str = "apex", config: str = "prd") -> str:
    """Pull a secret from Doppler.

    The secret is first checked in the local environment, and if not found, the secret
    is pulled from Doppler using the doppler token `DOPPLER_SDK_TOKEN`.

    Args:
        name (str): The name of the secret to pull.
        project (str, optional): The project to pull the secret from. Defaults to
            "apex".
        config (str, optional): The config to pull the secret from. Defaults to "prd".

    Returns:
        str: The value of the secret.
    """
    from dopplersdk import DopplerSDK  # noqa: PLC0415

    if (value := environ.get(name)) is not None:
        return value

    if (token := environ.get("DOPPLER_SDK_TOKEN")) is None:
        msg = f"Please set {name}, or DOPPLER_SDK_TOKEN must be set in the environment"
        raise ValueError(msg)

    doppler = DopplerSDK(access_token=token)
    res = doppler.secrets.get(project=project, config=config, name=name)
    if not isinstance(res.value, dict):
        msg = f"Unable to handle response from Doppler for {name}: {res.value}, expected a dict"  # noqa: E501
        raise TypeError(msg)
    if (value := res.value.get("raw")) is None:
        msg = f"Unable to get secret {name} in Doppler"
        raise ValueError(msg)
    return value