Brian Vallelunga
Podcast Appearances
And we're going to try to make it as easy as possible, but it's going to be an uphill battle. But if we can do that, we're in a secret.
There is a little bit of an open standard, mostly between like AWS and X like Doppler or whatever it may be, but there is no open standard, or even a standard altogether, on the like secrets manager to third-party service like Stripe or Twilio. So I think our goal is we're gonna probably try to create an open standard
that both sides adhere to, so that if you're anywhere in this chain, you can just plug in very quickly. And I think we'll probably have to build SDKs for like every primary language and Kubernetes and a bunch of other infrastructure tooling as well. So it just, like, works out of the box.
All right. So I have four questions that I think every person listening should ask themselves. And it's like basically a very simple sniff test to see if I have a problem. So to highlight what the problem is, it's called secret sprawl. And that is basically all your secrets are scattered across a bunch of different places.
And because of that, you have no way of controlling it or governing it, which is like one of the most important parts about protecting your secrets is being able to govern those secrets. And so the four questions are, can you confidently answer where all my secrets are?
Not just the ones that you know about in a secrets manager somewhere, but all the ones on developers' laptops, all the ones in Slack, in email, in your code somewhere. You got to have a complete picture of where all your secrets are. And you got to be able to make that guarantee that you're not going to miss one by not knowing about it. And I'll talk about how to solve that in a second.
The second is, do you know who has access to all of those secrets? And this gets really scary, especially if you don't have like a centralized system, because like if I have a file, I can just share it with another person and no one on the security team is going to know about that. Can I control who has accessed those secrets, when they were accessed, and by whom? Right.
So do I have access controls, and do I have an audit log associated with those access events? And then most importantly, when a data breach does happen, can I stop it very, very quickly? When I say quickly, I mean in the order of seconds and minutes, not in the order of days and weeks or months.
And so if you cannot answer those four questions confidently, like to the point where your job would be on the line for it because it essentially is on the line for it, then you have a problem. And I can talk about in a sec what it looks like to have a solution there.
I don't have to go into like Doppler's features, but I can talk about like the fundamental properties you'd want to look for in any secrets manager, Doppler or someone else.