Migrating from Doppler to Redshift: Complete Guide
We built the Redshift CLI to feel familiar if you're coming from Doppler, but it has its own supported commands and flags. Review each command below rather than assuming full compatibility. The data migration itself is straightforward once you have exported the intended Doppler project and environment.
Before You Begin
You'll need three things ready:
- Redshift CLI installed (
curl -fsSL https://redshiftapp.com/install | sh) - A CLI signer (local nsec or NIP-46 remote signer); NIP-07 is for the browser dashboard
- Access to your Doppler project
Step 1: Export Secrets from Doppler
Grab everything out of Doppler as JSON. Make sure you're in the right project/environment first -- Doppler uses whatever you last configured with doppler setup.
doppler secrets download --no-file --format json > secrets.json
This dumps all your secrets for the current environment into a single file. Worth a quick cat secrets.json to sanity-check that it looks right before moving on.
Step 2: Authenticate with Redshift
This is the part most people overthink. Just run:
redshift login
The CLI offers local nsec and NIP-46 remote-signer paths. NIP-07 extensions authenticate the browser dashboard and are not a CLI login method. Review the custody trade-offs in the authentication documentation before choosing.
Step 3: Create a Project
Now set up a project to hold your secrets. The setup wizard asks a few questions -- project name, which environments you want -- and creates everything for you.
redshift setup
I'd recommend matching your Doppler project name so you don't confuse yourself later. If you have multiple environments in Doppler (dev, staging, production), create them all here. You can always add more later.
Step 4: Upload Your Secrets
Point Redshift at the JSON file you exported earlier:
redshift secrets upload secrets.json -e production
That's the whole thing. Redshift encrypts each secret with your Nostr identity client-side, then publishes them to your configured relays. If you exported multiple environments from Doppler, repeat this step with each file and the matching -e flag.
Step 5: Update Your Scripts
Here's the payoff for the Doppler-inspired run workflow: many scripts can swap doppler run for redshift run while keeping the same -- separator. Check the Redshift CLI reference for strict flag differences.
# Before
doppler run -- npm start
# After
redshift run -- npm start
If you have a dozen scripts or CI configs that reference Doppler, a find-and-replace gets you most of the way there. I'd test one locally before going on a bulk-replace spree, though.
Step 6: Clean Up
Once you've confirmed everything runs correctly with Redshift:
- Delete the
secrets.jsonfile -- seriously, it's sitting there in plaintext - Update your CI/CD pipelines to use
redshift - Optionally, revoke your Doppler secrets (maybe give it a week first, just in case)
Command Compatibility Reference
For quick reference, here's how the main commands line up. If you've been using Doppler for a while, you'll barely notice the difference.
| Doppler | Redshift |
|---|---|
doppler run |
redshift run |
doppler secrets |
redshift secrets |
doppler setup |
redshift setup |
Stuck on Something?
The CLI docs cover all the flags and options in detail. If you hit something weird during migration, open an issue -- we've seen most of the edge cases by now and can usually point you in the right direction quickly.
Ready to try Redshift?
Own your secrets with decentralized, censorship-resistant secret management.