Skip to content

Add Vercel and Supabase secrets sync resources#158

Open
keito4 wants to merge 4 commits into
DopplerHQ:masterfrom
keito4:master
Open

Add Vercel and Supabase secrets sync resources#158
keito4 wants to merge 4 commits into
DopplerHQ:masterfrom
keito4:master

Conversation

@keito4
Copy link
Copy Markdown

@keito4 keito4 commented Feb 27, 2026
edited
Loading

Summary

  • Add doppler_secrets_sync_vercel and doppler_secrets_sync_supabase resources for syncing Doppler secrets to Vercel environment variables and Supabase Edge Functions secrets
  • Vercel team_id is Optional to support both team-scoped and personal account projects
  • variable_type defaults to "encrypted" and is always included in the create payload (Doppler API requires it)

Changes

  • doppler/resource_sync_types.go: Add resourceSyncVercel() and resourceSyncSupabase() with schema definitions, DataBuilder, and DataReader
  • doppler/resource_sync.go: Add SyncDataReaderFunc type and DataReader field to ResourceSyncBuilder, integrate into ReadContextFunc
  • doppler/models.go: Add Data field to Sync struct for reading sync configuration data
  • doppler/provider.go: Register new resources in provider
  • templates/ + examples/: Add tfplugindocs inputs and regenerate docs/ via make tfdocs

Import support

Import is not currently supported for sync resources. The Doppler API's GET /v3/configs/config/syncs/sync endpoint does not return type-specific fields (e.g. project_id, target_id) in its response, so terraform import cannot reconstruct the full state. DataReader is wired up and ready for when the API adds that support.

Test plan

  • terraform apply creates Vercel sync with team_id — verified against live Doppler + Vercel API
  • variable_type is correctly sent as "encrypted" when omitted
  • terraform destroy with delete_behavior = "leave_in_target" works
  • Verify doppler_secrets_sync_vercel creates a sync with personal account (without team_id)
  • Verify doppler_secrets_sync_supabase creates a sync
  • Verify delete_behavior = "delete_from_target" works correctly

🤖 Generated with Claude Code

keito4 and others added 4 commits February 25, 2026 22:16
@keito4
feat: add Vercel and Supabase secrets sync resources
33f954e 
Add support for syncing Doppler secrets to Vercel environment variables
and Supabase Edge Function secrets. Both use OAuth-based integrations
(created through Doppler UI), so only sync resources are added.

New resources:
- doppler_secrets_sync_vercel (team_id, project_id, target_id, variable_type)
- doppler_secrets_sync_supabase (project_id)
@keito4
feat: add DataReader to ResourceSyncBuilder for import support
a498fcc 
Add SyncDataReaderFunc callback to ResourceSyncBuilder that reads
sync-specific fields from the API response data into Terraform state.
This enables proper `terraform import` for sync resources by populating
type-specific fields (e.g., team_id, project_id) from the GET sync
API response.

Changes:
- models.go: Add Data field to Sync struct to capture API response data
- resource_sync.go: Add DataReader field and invoke it in ReadContextFunc
- resource_sync_types.go: Implement DataReader for Vercel and Supabase

The DataReader is optional (nil check) to maintain backward compatibility
with existing sync resources that don't implement it.
@keito4 @claude
fix: make Vercel team_id optional to support personal accounts
8ee85cf 
Vercel API does not require team_id for personal account projects.
Changed team_id from Required to Optional and updated docs examples
to better demonstrate optional fields (team_id, variable_type).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@keito4
Merge pull request #1 from keito4/feat/vercel-supabase-sync
ee47c8a 
feat: add Vercel and Supabase secrets sync resources
@keito4
Copy link
Copy Markdown
Author

keito4 commented Mar 16, 2026

Hi @amoses12 — I pushed a follow-up that aligns this PR with the repo's docs generation flow and fixes a payload issue I hit during live API testing.

Updates:

  • added the tfplugindocs inputs (examples/ + templates/) and regenerated docs
  • fixed variable_type so the create payload always includes it (the DiffSuppressFunc was causing GetOk to skip it when defaulting to "encrypted", which made the Doppler API reject the request)
  • verified Vercel create/delete against live Doppler + Vercel APIs

One current limitation: import still isn't possible for these sync resources because the GET sync endpoint returns data: null, so the type-specific fields needed to reconstruct state aren't available. I left the DataReader plumbing in place so the provider side is ready if/when that data becomes available.

Would you be open to reviewing/merging this without import support for now?

@emily-curry, if you have a moment, I'd appreciate a quick sanity check on the DataReader approach in resource_sync.go — it follows the same pattern you used for service account identity imports.

Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@keito4