Dotvault vs Doppler

Cloud subscription platform versus local one-time-purchase desktop app

Doppler and Dotvault are both in the business of keeping secrets out of the wrong places, but they sit at very different ends of that problem. Doppler is a hosted platform where your team’s secrets live in the cloud, synced out to whichever services need them. Dotvault is a macOS app where your .env files live on your own machine, edited locally and never synced anywhere. Whether one fits you better than the other usually comes down to whether the primary problem is “the team needs to share these” or “I need to manage these”.

Quick comparison

| Feature | Dotvault | Doppler |
| --- | --- | --- |
| What it is | macOS desktop app for editing .env files | Cloud platform for managing and syncing secrets |
| Pricing | £29 one-time, 14-day free trial | Per-user monthly subscription (free tier + paid tiers) |
| Where secrets live | Encrypted on your Mac, never synced | Stored in Doppler’s cloud, synced to your services |
| Team features | Single developer, no accounts | Built for teams — roles, audit logs, SSO |
| Offline use | Fully offline | Requires Doppler cloud to fetch values |
| Account required | None | Yes, per user |
| Best for | Solo developers managing their own .env files | Teams needing shared, access-controlled secrets |

Cloud platform versus local tool

Doppler is a full secrets-management platform. Every secret lives in Doppler’s cloud database, scoped by project and environment, pushed out on demand to wherever you’ve wired it up: CI runners, Vercel projects, Kubernetes clusters, local shells via the Doppler CLI. The point of paying for Doppler is that you don’t have to think about how secrets get to each environment — Doppler does that for you, consistently, with an audit trail.

Dotvault is none of those things. Dotvault doesn’t have a cloud, doesn’t have an account system, and doesn’t sync anything between machines. It’s a desktop app that sits next to the .env files already on your Mac and makes them nicer to work with — inline annotations, snapshots, diffs, framework awareness, encryption at rest.

So they aren’t really in competition so much as they’re answering different questions. Doppler is the answer to “how does my team get the same set of secrets onto every machine that needs them?” Dotvault is the answer to “how do I stop accidentally breaking my local config every time I edit a .env?”

Pricing — subscription versus one-time

Doppler’s pricing scales with team size and feature tier. There’s a free developer tier, and paid plans are billed per user per month, which makes sense for a team tool — the more people on your team, the more value the platform is giving you. For larger teams or regulated industries, you’re looking at a recurring cost that sits somewhere in the “real line item on the company bill” range.

Dotvault is £29 once. No account, no subscription, no per-seat pricing. You pay once, you own it, I keep shipping updates, and that’s the end of the transaction. If you stop paying for Doppler, you lose access to your secrets. If you stop using Dotvault, your .env files are right where they always were — on disk, in the format they’ve always been in.

That difference matters less when the subscription is a small slice of a company’s cloud spend. It matters a lot more when the person paying the bill is the same person editing the file.

Where your secrets live

With Doppler, your secrets live in Doppler’s cloud. That’s the feature — they’re centralised, versioned, access-controlled, and reachable from anywhere one of your services needs them. The trade is that you’re trusting a third party with the plaintext of every secret your team uses, and you depend on their uptime for your apps to start up correctly.

With Dotvault, your secrets live on your Mac. The file is encrypted at rest using a key stored in the macOS keychain, tied to your system login. Nothing is sent to me, nothing is synced to a server, nothing depends on a remote service being online. If your laptop is stolen, the file on disk can’t be read without your macOS password. If my server goes down at 2 a.m., your local .env is untouched.

There’s a real argument for either model depending on the scenario. A team of thirty engineers sharing a staging database password is a terrible candidate for “everyone keeps a copy on their laptop”. A solo developer with their own Stripe test keys is a terrible candidate for “set up an account-based cloud platform, assign seats, configure SSO”.

Who should use which

You should use Doppler if you have a team, if those teammates need the same secrets across multiple environments, if you need roles and audit logs to satisfy someone in security or compliance, and if the per-seat cost is a reasonable fraction of what a secret leak would cost you.

You should use Dotvault if you’re working on your own projects or on a small team where everyone already has their own copy of the .env file, and the problem isn’t “how do I distribute these” but “how do I actually edit these without shooting myself in the foot”. No account to set up, no subscription to defend at renewal time, and the file stays on your machine throughout.

If you’re genuinely between the two — a tiny team where each developer still has their own .env — Dotvault is probably the cheaper and simpler starting point. Doppler is the tool you graduate to when the sharing problem has become a real one.