diff --git a/pkg/cmd/run.go b/pkg/cmd/run.go
index a82a9cc5..793ed7f1 100644
--- a/pkg/cmd/run.go
+++ b/pkg/cmd/run.go
@@ -38,8 +38,6 @@ import (
 	"github.com/spf13/cobra"
 )
 
-var defaultFallbackDir string
-
 const defaultFallbackFileMaxAge = 14 * 24 * time.Hour // 14 days
 const defaultLivenessPingIntervalSeconds = 60 * 5 * time.Second
 
@@ -445,9 +443,9 @@ var runCleanCmd = &cobra.Command{
 		dryRun := utils.GetBoolFlag(cmd, "dry-run")
 		all := utils.GetBoolFlag(cmd, "all")
 
-		utils.LogDebug(fmt.Sprintf("Using fallback directory %s", defaultFallbackDir))
+		utils.LogDebug(fmt.Sprintf("Using fallback directory %s", configuration.UserFallbackDir))
 
-		if _, err := os.Stat(defaultFallbackDir); err != nil {
+		if _, err := os.Stat(configuration.UserFallbackDir); err != nil {
 			if os.IsNotExist(err) {
 				utils.LogDebug("Fallback directory does not exist")
 				utils.Print("Nothing to clean")
@@ -457,7 +455,7 @@ var runCleanCmd = &cobra.Command{
 			utils.HandleError(err, "Unable to read fallback directory")
 		}
 
-		entries, err := ioutil.ReadDir(defaultFallbackDir)
+		entries, err := ioutil.ReadDir(configuration.UserFallbackDir)
 		if err != nil {
 			utils.HandleError(err, "Unable to read fallback directory")
 		}
@@ -486,7 +484,7 @@ var runCleanCmd = &cobra.Command{
 			}
 
 			if delete {
-				file := filepath.Join(defaultFallbackDir, entry.Name())
+				file := filepath.Join(configuration.UserFallbackDir, entry.Name())
 				utils.LogDebug(fmt.Sprintf("%s %s", action, file))
 
 				if dryRun {
@@ -517,7 +515,7 @@ var runCleanCmd = &cobra.Command{
 func legacyFallbackFile(project string, config string) string {
 	name := fmt.Sprintf("%s:%s", project, config)
 	fileName := fmt.Sprintf(".run-%s.json", crypto.Hash(name))
-	return filepath.Join(defaultFallbackDir, fileName)
+	return filepath.Join(configuration.UserFallbackDir, fileName)
 }
 
 // generate the passphrase used for encrypting a secrets file
@@ -552,15 +550,15 @@ func initFallbackDir(cmd *cobra.Command, config models.ScopedOptions, format mod
 		}
 	} else {
 		fallbackFileName := fmt.Sprintf(".secrets-%s.json", controllers.GenerateFallbackFileHash(config.Token.Value, config.EnclaveProject.Value, config.EnclaveConfig.Value, format, nameTransformer, secretNames))
-		fallbackPath = filepath.Join(defaultFallbackDir, fallbackFileName)
+		fallbackPath = filepath.Join(configuration.UserFallbackDir, fallbackFileName)
 		// TODO remove this when releasing CLI v4 (DPLR-435)
 		if config.EnclaveProject.Value != "" && config.EnclaveConfig.Value != "" {
 			// save to old path to maintain backwards compatibility
 			legacyFallbackPath = legacyFallbackFile(config.EnclaveProject.Value, config.EnclaveConfig.Value)
 		}
 
-		if !utils.Exists(defaultFallbackDir) {
-			err := os.Mkdir(defaultFallbackDir, 0700)
+		if !utils.Exists(configuration.UserFallbackDir) {
+			err := os.Mkdir(configuration.UserFallbackDir, 0700)
 			if err != nil {
 				utils.LogDebug("Unable to create directory for fallback file")
 				if exitOnWriteFailure {
@@ -584,9 +582,6 @@ func initFallbackDir(cmd *cobra.Command, config models.ScopedOptions, format mod
 }
 
 func init() {
-	defaultFallbackDir = filepath.Join(configuration.UserConfigDir, "fallback")
-	controllers.DefaultMetadataDir = defaultFallbackDir
-
 	forwardSignals := !isatty.IsTerminal(os.Stdout.Fd())
 
 	runCmd.Flags().StringP("project", "p", "", "project (e.g. backend)")
diff --git a/pkg/configuration/config.go b/pkg/configuration/config.go
index a5bec098..33f7df4a 100644
--- a/pkg/configuration/config.go
+++ b/pkg/configuration/config.go
@@ -37,6 +37,12 @@ var UserConfigDir string
 // UserConfigFile (e.g. /home/user/doppler/.doppler.yaml)
 var UserConfigFile string
 
+// UserFallbackDir (e.g. /home/user/doppler/.doppler.yaml)
+var UserFallbackDir string
+
+// UserMetadataDir the directory containing metadata files
+var UserMetadataDir string
+
 // Scope to use for config file
 var Scope = "."
 
@@ -54,6 +60,8 @@ func init() {
 
 func SetConfigDir(dir string) {
 	UserConfigDir = dir
+	UserFallbackDir = filepath.Join(dir, "fallback")
+	UserMetadataDir = UserFallbackDir
 	UserConfigFile = filepath.Join(UserConfigDir, configFileName)
 }
 
diff --git a/pkg/controllers/fallback.go b/pkg/controllers/fallback.go
index 3a879c99..0275608c 100644
--- a/pkg/controllers/fallback.go
+++ b/pkg/controllers/fallback.go
@@ -24,15 +24,13 @@ import (
 	"sort"
 	"strings"
 
+	"github.com/DopplerHQ/cli/pkg/configuration"
 	"github.com/DopplerHQ/cli/pkg/crypto"
 	"github.com/DopplerHQ/cli/pkg/models"
 	"github.com/DopplerHQ/cli/pkg/utils"
 	"gopkg.in/yaml.v3"
 )
 
-// DefaultMetadataDir the directory containing metadata files
-var DefaultMetadataDir string
-
 func GenerateFallbackFileHash(token string, project string, config string, format models.SecretsFormat, nameTransformer *models.SecretsNameTransformer, secretNames []string) string {
 	parts := []string{token}
 	if project != "" && config != "" {
@@ -63,7 +61,7 @@ func GenerateFallbackFileHash(token string, project string, config string, forma
 // MetadataFilePath calculates the name of the metadata file
 func MetadataFilePath(token string, project string, config string, format models.SecretsFormat, nameTransformer *models.SecretsNameTransformer, secretNames []string) string {
 	fileName := fmt.Sprintf(".metadata-%s.json", GenerateFallbackFileHash(token, project, config, format, nameTransformer, secretNames))
-	path := filepath.Join(DefaultMetadataDir, fileName)
+	path := filepath.Join(configuration.UserMetadataDir, fileName)
 	if absPath, err := filepath.Abs(path); err == nil {
 		return absPath
 	}
diff --git a/tests/e2e/secrets-download-fallback.sh b/tests/e2e/secrets-download-fallback.sh
index b3655414..72612bce 100755
--- a/tests/e2e/secrets-download-fallback.sh
+++ b/tests/e2e/secrets-download-fallback.sh
@@ -43,6 +43,20 @@ beforeEach
 
 beforeEach
 
+# test fallback file and metadata file respect DOPPLER_CONFIG_DIR
+test_config_dir='/tmp/doppler-fallback-config-test'
+test_fallback_dir="$test_config_dir/fallback"
+mkdir -p "$test_fallback_dir"
+DOPPLER_CONFIG_DIR="$test_config_dir" "$DOPPLER_BINARY" secrets download --no-file > /dev/null
+
+fallback_file_count="$(find "$test_fallback_dir" -name '.secrets-*' | wc -l)"
+[[ "$fallback_file_count" == "1" ]] || (echo "ERROR: 'run' did not create fallback file in DOPPLER_CONFIG_DIR/fallback" && exit 1)
+
+metadata_file_count="$(find "$test_fallback_dir" -name '.metadata-*' | wc -l)"
+[[ "$metadata_file_count" == "1" ]] || (echo "ERROR: 'run' did not create metadata file in DOPPLER_CONFIG_DIR/fallback" && exit 1)
+
+beforeEach
+
 # test fallback-readonly doesn't write a fallback file
 "$DOPPLER_BINARY" secrets download --no-file --fallback-readonly > /dev/null
 "$DOPPLER_BINARY" secrets download --no-file --fallback-only > /dev/null 2>&1 && (echo "ERROR: --fallback-readonly flag is not respected" && exit 1)