Brian Vallelunga
Podcast Appearances
Hey, all. It's great to be here. Yeah, Doppler is a secrets manager designed to be your single source of truth for secrets across all your projects, environments, team members, and infrastructure. So you can kind of think about it like it's GitHub for secrets. Right.
Yeah. Outside of API keys, like a Stripe token, database URLs, encryption keys are typically the ones that we see the most. I also just have a general thought process around this of anything that's configured by the environment should be treated as a secret, so it should be treated like the most sensitive thing. So we recommend to our audience that
You should kind of treat your environment variables and your secrets all the same, right? Your port and feature flag should be treated as securely as your secrets. That way, developers don't need to make the choice of is this secure or is this not? They're always just doing the secure thing by default.
And then the trick is just make that whole workflow and tooling as developer-friendly as possible. So they wanted to go down that path.
Yeah, that's pretty much the two paths that we see, either some encrypted file somewhere or it's just directly available in the environment. I'm a pretty big fan of, if you're going to do the environment path or inject it through the environment, immediately do a cleanup of the environment before all your other dependencies could get loaded in.
So like basically load those secrets out of the environment, then clean them up from the environment, then load everything else. That way you can't have like a rogue dependency, go and capture all your secrets and then send it somewhere. The other path of like using a file that's encrypted is also a really good path too. So I think both are pretty good.
So are you... I'm guessing you have your secrets stored on like AWS Secrets Manager and then those secrets are then pushed into the container.
Sounds like you guys are pretty well set up. I mean, that's the dream, is to make secret management super easy and simple, but also very secure at the same time.
Yeah, so I think Doppler kind of comes from a first principle standpoint about what does a good secrets manager look like? And for us, we have a couple of things that we deeply care about. First is that all your secrets are centralized in one place across your projects and environments.
And once they're all in one place, we can set up pretty robust access controls, either by users or by groups that are policy driven. And then from there, you get a complete audit story.