Question

How to add secret environment variables to droplets in Droplet Autoscale Pools

Posted on February 27, 2025
Droplets
Asked by Adam Paslawski

Hello,

I have a Droplet Autoscale Pool running. However, I need certain (api keys, etc) environment variables on the droplets.

Any advice on how to mount those secrets without exposing them inside the docker image or in my Github repo?

Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Bobby Iliev

Site Moderator

• February 28, 2025

There are a few ways to do that:

1. Use User Data for Secure Initialization

Every new Droplet in your pool can run a startup script using User Data. This lets you fetch secrets securely at boot.

Store your secrets in a secure location (like Doppler or an encrypted storage solution).
Write a startup script that retrieves and exports them as environment variables.
Add the script to User Data in your Autoscale Pool configuration, so it runs on every new Droplet.

📌 More on User Data: https://docs.digitalocean.com/products/droplets/how-to/provide-user-data/

2. Use Doppler for Secrets Management

Instead of managing secrets manually, Doppler can handle it for you. DigitalOcean even has a Doppler 1-click install 👉 Doppler Marketplace.

Set up a Doppler project and store your secrets there.
Install the Doppler CLI on your Droplets (either manually or via User Data), then authenticate with a service token. Doppler will inject your environment variables automatically.

- Bobby