This is very neat - my favorite part so far is being able to synchronize local .env across all developers instantly. We currently use 1Password as a hacky solution for this, which is a bit of a pain.
I saw the demo video which looks great - one question though, how does this work with Heroku add-ons? If you configure Heroku Postgres for example, a DATABASE_URL env var gets automatically added. This variable can change (e.g. when Heroku applies a patch to your DB and restarts it). Is the sync two way, or do you expect applications to have two sets of environment variables (split across Doppler and Heroku)?
I am glad you asked! I built the Heroku integration at Doppler. We are doing a one way syncing as we believe Doppler should be the single source of truth for your secrets. However, we know that addons & attachments are an important part of Heroku, so we make sure we never overwrite any of the addons/attachments env vars. Those continue to live within Heroku as they wouldn't make much sense or be useful outside of that context.
Got it, thanks for sharing that! I just got local development setup via Doppler and it was a breeze.
"dev": "doppler run -- nodemon --exec \"heroku local\" --signal SIGTERM"
For managing our production secrets, we're obviously a bit more hesitant to give those over to an additional third party. Heroku secrets management works well for us, so I think we will continue to use that for now. But for managing development secrets, this is perfect.
I saw the demo video which looks great - one question though, how does this work with Heroku add-ons? If you configure Heroku Postgres for example, a DATABASE_URL env var gets automatically added. This variable can change (e.g. when Heroku applies a patch to your DB and restarts it). Is the sync two way, or do you expect applications to have two sets of environment variables (split across Doppler and Heroku)?