This project uses Terraform to provision infrastructure on DigitalOcean, with remote state managed in Terraform Cloud and secrets managed using Doppler.
It follows the structure and recommendations from ROADMAP.sh: Infrastructure as Code on DigitalOcean.
This project uses Terraform to provision a DigitalOcean Droplet. It leverages Terraform Cloud for state management and Doppler for secrets management.
- Terraform
- Terraform Cloud
- DigitalOcean
- Doppler – secret management
Before you begin, make sure you have the following:
- Terraform CLI
- Doppler CLI
- A DigitalOcean account and API token
- A Terraform Cloud account
Create a new project in Doppler and add the following secrets:
DO_TOKEN– Your DigitalOcean API tokenTF_TOKEN_APP_TERRAFORM_IO– Your Terraform Cloud API tokenTF_VAR_DO_TOKEN– Same asDO_TOKEN(used by Terraform)TFE_TOKEN– Another Terraform Cloud API token (used for authentication)
In your Terraform Cloud workspace, add these variables:
ssh_pub_key– Your public SSH key (used to access the Droplet)DO_TOKEN– Your DigitalOcean API token (same as in Doppler)
Run the following commands to authenticate with Doppler and initialize Terraform:
doppler login
doppler setup
doppler run -- terraform init
doppler run -- terraform apply- Ensure your SSH key is added to DigitalOcean.
- Workspace must be configured in Terraform Cloud before running
apply. - Never commit your tokens or secrets to the repo. Always use Doppler or environment variables to handle sensitive data.

