doppler secrets download: Export Secrets to a File
doppler secrets download exports all secrets for a project/config as JSON, dotenv, or plain output for tools that need a file.
When a build tool cannot read from the environment, doppler secrets download materializes the secrets into a file. Prefer streaming to stdout with --no-file so nothing lingers on disk.
What it does
doppler secrets download fetches every secret in the selected config and writes them in the chosen format. By default it writes doppler.json; --no-file sends the output to stdout instead.
Common usage
export DOPPLER_TOKEN=dp.st.prod.xxxxx
doppler secrets download --no-file --format env > .env
doppler secrets download --format json --no-file | jq keysOptions
| Flag | What it does |
|---|---|
| --format json|env|env-no-quotes|docker | Output format for the secrets |
| --no-file | Write to stdout instead of a file |
| -p, --project <name> | Project to read from |
| -c, --config <name> | Config within the project |
| -t, --token <token> | Service token (or set DOPPLER_TOKEN) |
In CI
Use --no-file and pipe into the exact file the tool expects, then delete it in a cleanup step. --format env gives a dotenv file; env-no-quotes suits tools that choke on quoted values. Mask the output; never print it to the log.
Common errors in CI
"Doppler Error: you must provide a token" means DOPPLER_TOKEN is unset. "Doppler Error: Invalid Service token" means a bad or revoked token. "Doppler Error: You do not have access to the requested project" means the service token is scoped elsewhere.