Installing the Doppler CLI using the install.sh script now supports binary signature verification using the `--verify-signature` flag.

Learn more by visiting our CLI installation documentation.

Developers and organizations trust Doppler with securely managing and serving millions of secrets to their applications and we’re excited to announce that Doppler has achieved SOC 2 Compliance.

Read our announcement blog post to learn more.

We're constantly working with security researchers and professionals to improve our security posture and we invite you to collaborate with us by joining our public Vulnerability Disclosure Program.

GitHub now scans your repos for Doppler tokens. Tokens found in public repos will be automatically revoked, preventing exposed tokens from being used to access your secrets.

See the official announcement from GitHub at https://github.blog/changelog/2020-12-07-github-now-scans-for-leaked-doppler-tokens

We’re trusted with serving millions of secrets to developers and their apps in a secure, performant, and reliable way. A love for security is built into the core of our DNA and you can help by joining Doppler's Vulnerability Disclosure Program at https://doppler.com/vdp

Want to help improve Doppler's security? Our security.txt shares how to do so safely and securely.

We've rolled out support for our most requested MFA method: security keys! You can now use a YubiKey and other WebAuthn-based security keys as an additional factor during login. Security keys can be added in addition to OTP/Authy, and we support multiple keys from day one. One piece of personal advice: always add a backup key!

We've added support for setting up OTP via a manual key. This is in addition to the primary method of scanning a QR code. If you haven't set up OTP yet, try it out today!