Back to Blog
migrationdopplertutorial

Migrating from Doppler to Redshift: Complete Guide

December 10, 2024 4 min read | By Redshift Team
Share:

We built the Redshift CLI to feel familiar if you're coming from Doppler. Most of the commands map one-to-one, so the actual migration is less work than you'd expect. I did it on a side project in about ten minutes, and most of that was waiting for doppler secrets download to finish.

Before You Begin

You'll need three things ready:

  • Redshift CLI installed (curl -fsSL https://redshiftapp.com/install | sh)
  • A Nostr identity (NIP-07 extension or nsec key)
  • Access to your Doppler project

Step 1: Export Secrets from Doppler

Grab everything out of Doppler as JSON. Make sure you're in the right project/environment first -- Doppler uses whatever you last configured with doppler setup. 

doppler secrets download --no-file --format json > secrets.json

This dumps all your secrets for the current environment into a single file. Worth a quick cat secrets.json to sanity-check that it looks right before moving on.

Step 2: Authenticate with Redshift

This is the part most people overthink. Just run: 

redshift login

It'll ask you to pick between a NIP-07 browser extension or pasting your nsec directly. If you already have Alby or nos2x set up, the extension route is easiest. If not, nsec works fine -- Redshift stores it in your system keychain, not in a plaintext file somewhere.

Step 3: Create a Project

Now set up a project to hold your secrets. The setup wizard asks a few questions -- project name, which environments you want -- and creates everything for you. 

redshift setup

I'd recommend matching your Doppler project name so you don't confuse yourself later. If you have multiple environments in Doppler (dev, staging, production), create them all here. You can always add more later.

Step 4: Upload Your Secrets

Point Redshift at the JSON file you exported earlier: 

redshift secrets upload secrets.json -e production

That's the whole thing. Redshift encrypts each secret with your Nostr identity client-side, then publishes them to your configured relays. If you exported multiple environments from Doppler, repeat this step with each file and the matching -e flag.

Step 5: Update Your Scripts

Here's the payoff for the Doppler-compatible CLI: anywhere you have doppler run, swap in redshift run. Same syntax, same -- separator. 

# Before
doppler run -- npm start

# After
redshift run -- npm start

If you have a dozen scripts or CI configs that reference Doppler, a find-and-replace gets you most of the way there. I'd test one locally before going on a bulk-replace spree, though.

Step 6: Clean Up

Once you've confirmed everything runs correctly with Redshift:

  1. Delete the secrets.json file -- seriously, it's sitting there in plaintext
  2. Update your CI/CD pipelines to use redshift
  3. Optionally, revoke your Doppler secrets (maybe give it a week first, just in case)

Command Compatibility Reference

For quick reference, here's how the main commands line up. If you've been using Doppler for a while, you'll barely notice the difference.

Doppler Redshift
doppler run redshift run
doppler secrets redshift secrets
doppler setup redshift setup

Stuck on Something?

The CLI docs cover all the flags and options in detail. If you hit something weird during migration, open an issue -- we've seen most of the edge cases by now and can usually point you in the right direction quickly.

Ready to try Redshift?

Own your secrets with decentralized, censorship-resistant secret management.

Get Started Free Read the Docs
Back to all posts