boltenv vs Doppler
boltenv vs Doppler: client-side encryption vs server-side.
Both boltenv and Doppler solve the problem of sharing secrets with your team. The key difference: boltenv encrypts on your machine before secrets leave — Doppler's servers hold the decryption keys. If you're a small team already on GitHub, boltenv gives you more security for less money.
Choose boltenv when…
- ✓ Your team is 1–10 people and already uses GitHub
- ✓ You want true zero-knowledge encryption (server cannot read your secrets)
- ✓ You don't want to pay $10/user/month for a team plan
- ✓ You prefer a CLI-only workflow with no web dashboard
- ✓ You need CI/CD integration without a new vendor account
- ✓ You want to use GitHub repo permissions as your access control list
Choose Doppler when…
- You need a polished web dashboard for non-technical stakeholders
- You need fine-grained per-secret access control (not per-repo)
- You need integrations with AWS, GCP, Vercel, Heroku, etc.
- You have a large org with complex permission hierarchies
- You need audit logs with SOC2 compliance documentation
Feature comparison
| Feature | boltenv | Doppler |
|---|---|---|
| Encryption location | ✓ Client-side (your machine) | Server-side (Doppler holds keys) |
| Access control | ✓ GitHub repo permissions | Doppler's own IAM system |
| New account required | ✓ No — GitHub OAuth | Yes — Doppler account |
| Free tier | ✓ Up to 3 users, 5 repos | 1 user only |
| Team pricing | ✓ $8/user/month ($24 min) | $10/user/month ($45 min) |
| Web dashboard | None (CLI only) | Full web UI |
| Version history | 50 versions (Team) | Unlimited |
| CLI experience | ✓ push / pull — 2 commands | doppler run / secrets download |
| CI/CD setup | 3 env vars (TOKEN, KEY, REPO) | DOPPLER_TOKEN only |
| Third-party integrations | GitHub only | 40+ (Vercel, AWS, Heroku…) |
| Conflict resolution | ✓ Three-way merge | Last write wins |
| Server compromise | ✓ Safe (ciphertext only) | Secrets exposed |
Pricing
boltenv
$0–$8/user/mo
boltenv free tier supports 3 users vs Doppler's 1. At team scale, boltenv is $8/user vs Doppler's $10/user ($6/user annual vs $9/user annual).
Doppler
$0–$10/user/mo
Migration
Switch from Doppler to boltenv in 5 minutes.
- 01 Export your current secrets from Doppler as a .env file.
- 02 Install boltenv and log in with GitHub.
- 03 Push your exported .env to boltenv — it encrypts locally before upload.
- 04 Share the encryption key with teammates via boltenv key export.
- 05 Update CI/CD: replace DOPPLER_TOKEN with BOLTENV_TOKEN, BOLTENV_KEY, BOLTENV_REPO.
```bash
# Export from Doppler
doppler secrets download --no-file --format env > .env

# Push to boltenv (encrypts locally, no plaintext leaves your machine)
npm install -g @boltenv.dev/cli
boltenv login
boltenv push

# Share the key with your team
boltenv key export

# Update CI — replace this:
#   DOPPLER_TOKEN=dp.st.xxxx
# With these:
#   BOLTENV_TOKEN=ghp_xxxx
#   BOLTENV_KEY=dGhpcyBpcyBhIDMyIGJ5dGUga2V5...
#   BOLTENV_REPO=myorg/myapp
```
Verdict
Doppler is a mature, polished product with an excellent web UI and deep integrations. If you need those features and can justify $10/user/month, it's a solid choice. But if you're a small team on GitHub who wants true zero-knowledge encryption — where even Doppler themselves cannot read your secrets — and a simpler $8/user pricing, boltenv wins on both security architecture and cost.