Valentino Stoll
Podcast Appearances
We use a lot of AWS stuff to handle a lot of the... They have a secrets management deal in there. Yeah, and I think it may even be isolated from the main environments too and handled that way in an isolated environment. We use Docker as well, so it could be like an isolated container that then feeds back into the other container.
Yeah, I think so. Something like that. It may even be one step further where it's in AWS and then at like run time. It's like the secrets are loaded into the app's memory for the particular use case. I don't really know all of the details, to be honest. I'm not on the infrastructure team. Everyone's like, well, we have to rotate keys. And that's definitely an easy process for us.
But yeah, we have some command line that does it. It's not just like changing the environment variable.
Yeah, that makes me curious because I think at one time we were using... I forget what HashRocket's product is. We ended up moving away from that. Yeah, I don't know. We were using some vendor for doing the secrets management. But yeah, having a command line or some kind of central place, a command line doesn't even need to...
be your UX of choice, but just having the centralized place where all of that access points happen, it definitely helps isolate and track, to be honest, who's touching what and changing it. I don't know if Doppler has those kind of features as far as tracking changes and getting the full logs and things like that, but that's definitely been super valuable.
Yeah. That always makes me wonder, like, 'cause there's two parts of this, right? Like we have the secrets and then there's like the whole encryption aspect of it, which is its own separate beast of the discussion.
Well, what you're, I mean, ultimately what you're using a lot of the secrets for, I would imagine is to encrypt something or, or even to, yeah, I mean, to encrypt stuff.
Yeah, that's all. I always want to, one of the biggest things that, uh, I always hope for when I'm like getting a new vendor, like access token or whatever it may be, is that they like have some kind of like, you know, whitelist ability with like either their domain or
like a domain key or some kind of identifier that can be like, you know, securely matched when the handshake is made using their service from whatever server that you end up using. In my experience, it's honestly very rare that that actually happens.
That makes a lot of sense, you saying that your customers mostly store access tokens because most vendors don't give you that whitelist ability and handshake process, which is very important. I think it causes a lot of the breaches when it's not there.