Hardcoding secrets in GitHub Actions workflows increases security risk and widens the surface area for breaches, as the high number of secrets leaked in GitHub repositories shows. Doppler's `doppler run` command addresses this by injecting secrets dynamically and securely at runtime, which improves auditability and reduces exposure. Replacing hardcoded secrets with Doppler's runtime fetch lets developers streamline their CI/CD workflows and lowers the risk of data breaches. The `doppler run` command injects secrets as environment variables for a single command execution, but using it directly in GitHub Actions comes with caveats. A more recommended approach is to use Doppler's Sync Integration or Fetch Secrets Action, which are more robust and mask secrets automatically, further reducing the risk of data breaches and improving application security.
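The workflow below is an added example, not taken from Doppler's documentation or from the original page. It puts a hardcoded secret next to the two runtime approaches described above. The script `./deploy.sh`, the variable `API_KEY`, the GitHub secret name `DOPPLER_TOKEN` and the pinned action versions are assumptions.

```yaml
# Constructed example workflow; job names, script and secret names are assumptions.
name: deploy
on: [push]

jobs:
  # BEFORE: the secret lives in the repository and in every clone and fork.
  hardcoded:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: ./deploy.sh                     # hypothetical script
        env:
          API_KEY: "PLACEHOLDER-NOT-A-REAL-KEY"   # constructed value

  # AFTER (a): doppler run fetches secrets at runtime and exposes them
  # as environment variables to this one command only.
  doppler-run:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: dopplerhq/cli-action@v3        # installs the Doppler CLI
      - run: doppler run -- ./deploy.sh
        env:
          # Doppler service token kept as a GitHub encrypted secret.
          # Only this value is known to GitHub's log masking; the secrets
          # doppler run fetches are not, so this step must not print its env.
          DOPPLER_TOKEN: ${{ secrets.DOPPLER_TOKEN }}

  # AFTER (b): the Fetch Secrets Action, which masks fetched values in logs.
  fetch-action:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      # Version tag is an assumption; pin to a release you have verified.
      - uses: dopplerhq/secrets-fetch-action@v1.1.3
        with:
          doppler-token: ${{ secrets.DOPPLER_TOKEN }}
          inject-env-vars: true              # export secrets to later steps
      - run: ./deploy.sh
```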