← knowledge.oriz.in

Secrets management services

index servicessecretsindex

Secrets management services

The family's secrets architecture is locked at security/secrets-management-doppler.md.

Service Status One-line role
doppler.md active Source of truth — every secret originates here, syncs out to runtime mirrors
github-secrets.md active Runtime mirror for GitHub Actions; written by Doppler's GH integration

The earlier envpact entry stays documented as the user's home-grown vault — see the Doppler decision for why we picked Doppler for this batch.

Sync direction

Doppler (source of truth)
  ├── → GitHub Secrets (org / repo / environment)
  ├── → Cloudflare Workers (vars + secrets)
  ├── → Firebase config (functions:config + Auth provider creds)
  └── → Local .env via `doppler run` (never commit a .env file)

Cross-refs