Notify Microsoft Teams channel via Azure Logic Apps when a secret is updated in Doppler

In this blog post, we will see how to configure an integration between Doppler, Microsoft Teams and Azure Logic Apps that sends a notification whenever a secret in a config gets added, deleted or updated.

Doppler is a secrets manager that enables developers and security teams to keep their secrets and app configuration in sync and secure across devices, environments, and team members.

Here are the key takeaways of this blog post –

  • Create a webhook in a Doppler project that enables secret changes in Doppler to be integrated into your continuous delivery flow.
  • Configure a Logic App that gets invoked whenever a secret is changed in Doppler and sends a notification about this change to a Microsoft Teams channel.

Scenario –

A secret gets updated inside a project in Doppler. The Azure Logic App gets invoked, picks this change up and sends a notification about the secret change to a Microsoft Teams channel.


Configure a Logic App that gets invoked whenever a secret is changed in Doppler –

Let's first configure an Azure Logic App that will receive a POST request from the Doppler webhook whenever a secret changes.

Below is the generic structure of the Azure Logic App that we plan to design –

Trigger – When a HTTP request is received

When a secret gets changed in Doppler, the Doppler webhook will receive a POST request, which in turn will send a POST request to our Azure Logic App.

Action – Parse JSON

The trigger receives a payload for the POST request made by the Doppler webhook in the format below –

{
  "type": "config.secrets.update",
  "config": {
    "name": "", --> name of config
    "root": false, --> denotes if config is root config or child config
    "locked": false,
    "initial_fetch_at": "",
    "last_fetch_at": "",
    "created_at": "",
    "environment": "", --> environment name
    "project": "", --> project name
    "slug": ""
  },
  "project": {
    "id": "",  --> project id
    "slug": "", --> project slug
    "name": "", --> project name
    "description": "", --> project description
    "created_at": "2022-03-17T08:13:06.858Z"
  },
  "workplace": {
    "id": "",  --> workplace id
    "name": "", --> workplace name
    "billing_email": "" --> workplace billing email address
  }
}

The Parse JSON action will take care of parsing this, and we can create 2 variables to hold the values config.name and config.project.

Condition –

The condition I have configured in the above Logic App is specific to my own scenario, wherein I want to be notified only when secrets in selected environments get changed.
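
The Parse JSON, Condition and message steps described above, sketched in Python as an added example (this is not the author's Logic App or Doppler's code). Because anyone who holds the trigger URL can post to the Logic App, the sketch treats every payload field as untrusted: it checks the shape first and escapes values before they reach the message. The watched environment names, the HTML message format and the sample bodies are assumptions constructed for illustration.

```python
import html
import json

# Assumption: the environments worth alerting on ("selective environments" in the post).
WATCHED_ENVIRONMENTS = {"Staging", "Production"}
EXPECTED_TYPE = "config.secrets.update"  # "type" value from the payload shown above


def build_notification(raw_body):
    """Mirror Parse JSON -> Condition -> Teams message for one webhook POST.

    Returns the message text, or None when the condition says to stay silent.
    Raises ValueError when the body does not have the expected shape.
    """
    try:
        payload = json.loads(raw_body)
    except ValueError as exc:  # covers JSONDecodeError and UnicodeDecodeError
        raise ValueError("body is not valid JSON") from exc
    if not isinstance(payload, dict) or payload.get("type") != EXPECTED_TYPE:
        raise ValueError("unexpected event type")
    config = payload.get("config")
    if not isinstance(config, dict):
        raise ValueError("missing config object")
    # config.name and config.project are the two values the post extracts;
    # config.environment drives the condition.
    fields = {k: config.get(k) for k in ("name", "project", "environment")}
    if not all(isinstance(v, str) and v for v in fields.values()):
        raise ValueError("config.name/project/environment must be non-empty strings")
    if fields["environment"] not in WATCHED_ENVIRONMENTS:
        return None  # condition false: no notification
    # Escape before embedding (assumes the Teams message body is rendered as HTML).
    safe = {k: html.escape(v) for k, v in fields.items()}
    return (f"Secrets changed in Doppler project <b>{safe['project']}</b>, "
            f"config <b>{safe['name']}</b> ({safe['environment']})")


# Constructed sample bodies in the payload format shown above.
SAMPLE_PROD = json.dumps({"type": "config.secrets.update", "config": {
    "name": "prd", "environment": "Production", "project": "test-project"}}).encode()
SAMPLE_DEV = json.dumps({"type": "config.secrets.update", "config": {
    "name": "dev", "environment": "Development", "project": "test-project"}}).encode()

if __name__ == "__main__":
    print(build_notification(SAMPLE_PROD))
    print(build_notification(SAMPLE_DEV))
```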


Create a webhook in a Doppler project –

Understand that a webhook, when created in Doppler, receives a POST request from Doppler whenever a secret changes in the project for which the webhook was configured.

Navigate to your project in Doppler and click on Integrations. In my case it is a test project with 3 environments (Development, Staging & Production), as shown below –

In the page that opens up, please choose the Webhooks option in the left nav. A pop up should open asking for a webhook address as shown below –

To get the address of your webhook, please navigate to Azure Logic App’s “When an HTTP Request is Received” trigger and click on edit.

The “HTTP POST URL” is what should go in as your webhook address. This tells the webhook in Doppler to send a POST request to the Azure Logic App whenever a secret is updated.


Send a notification to Teams Channel –

This is probably the last action in the Azure Logic App that needs to be configured so that you can receive a notification in the Teams channel whenever a secret is updated.

Below is an example –


SAMPLE OUTPUT –

Here is what the notification in the Teams channel looks like –

NOTE –

As of today, the webhook designed by Doppler is only being used for triggering CI/CD operations like redeployment.

The webhook internally uses something along the lines of doppler run, and we don’t really need to know which secret changed.

That being said, to suit our requirement and for scenarios like this, where the message needs to report not only that a secret changed but also the name of the secret that changed, I have opened a feature request with Doppler on their community forum.

The Doppler team’s response has been very swift and they have been very kind in considering this request. I will keep the blog post updated as and when the feature becomes available.

You can check out the feature request here – https://community.doppler.com/t/webhook-shows-a-config-was-updated-but-doesnt-give-info-about-which-secret-in-config-was-updated/903
