Engineir
Hello,
I have a Droplet Autoscale Pool running. However, I need certain (api keys, etc) environment variables on the droplets.
Any advice on how to mount those secrets without exposing them inside the docker image or in my Github repo?
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
There are a few ways to do that:
1. Use User Data for Secure Initialization
Every new Droplet in your pool can run a startup script using User Data. This lets you fetch secrets securely at boot.
- Store your secrets in a secure location (like Doppler or an encrypted storage solution).
- Write a startup script that retrieves and exports them as environment variables.
- Add the script to User Data in your Autoscale Pool configuration, so it runs on every new Droplet.
📌 More on User Data: https://docs.digitalocean.com/products/droplets/how-to/provide-user-data/
2. Use Doppler for Secrets Management
Instead of managing secrets manually, Doppler can handle it for you. DigitalOcean even has a Doppler 1-click install 👉 Doppler Marketplace.
- Set up a Doppler project and store your secrets there.
- Install the Doppler CLI on your Droplets (either manually or via User Data), then authenticate with a service token. Doppler will inject your environment variables automatically.
- Bobby
Become a contributor for community
Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.
DigitalOcean Documentation
Full documentation for every DigitalOcean product.
Resources for startups and SMBs
The Wave has everything you need to know about building a business, from raising funding to marketing your product.
The developer cloud
Scale up as you grow — whether you're running one virtual machine or ten thousand.
Get started for free
Sign up and get $200 in credit for your first 60 days with DigitalOcean.*
*This promotional offer applies to new accounts only.