Управление секретами, или использование инструментов для доступа и создания учетных данных цифровой аутентификации, получило широкое распространение до пандемии. Но поскольку кризис в области здравоохранения вынудил предприятия перейти в онлайн, управление секретами стало неотъемлемой частью операций. Согласно опросу 1Password 2021 года, 65% компаний сейчас имеют более 500 секретов, а 18% — больше, чем они могут сосчитать.
Однако управление секретами, как правило, является утомительным и дорогостоящим занятием, поскольку специалисты DevOps и ИТ-специалисты, отвечая на опрос 1Password, заявили, что они тратят в среднем 25 минут каждый день на управление секретами при ежегодном расходе на заработную плату примерно в 8,5 млрд. долл.. Поиск решений проблемы привел к появлению таких стартапов, как Doppler, предлагающий сервис, который разработчики могут использовать для управления и защиты секретов — особенно секретов приложений — «в масштабе» в корпоративных средах. Компания Doppler сегодня объявила о привлечении 20 млн. долл. в рамках финансирования серии A для дальнейшего развития своих возможностей секретной синхронизации.
«Существующие инструменты управления секретами разработаны инженерами по безопасности для инженеров по безопасности… эти инструменты громоздки в использовании и не ориентированы на опыт разработчиков», — сказал соучредитель и генеральный директор Брайан Валлелунга TechCrunch по электронной почте. «После серьезного исследования, [I started] работа на платформе SecretsOps, предназначенной для разработчиков и их команд [that became Doppler.”
Launching Doppler
Doppler is Vallelunga's fifth venture after Laborate (a classroom collaboration app), Juicy (an “anonymous” social network), Burl Apps (a mobile app incubator) and Miza (an ad platform that bypasses ad blockers). He also did a stint as a software engineer at Uber, where he worked on the app safety team.
Thomas Piccirello, Doppler's other cofounder, was previously a software engineer at BlackRock and founded a cloud-based insurance claims management startup (AI Insurance). Vallelunga and Piccirello met after Doppler joined Y Combinator's W19 cohort.
Managing app secrets in Doppler.
“The ability to securely store, transmit and audit secrets has never been more critical as one minor error can lead to catastrophic results,” CRV general partner Murat Bicer, a Doppler investor, said in a statement. “In a world where putting a single space in the wrong place can literally take down a company's entire website, Doppler makes it easy to prevent leaks and outages with their developer focused approach.”
“Secrets” in the context of app development refers to anything about an app that a developer wants to keep secret. This could include passwords and credentials, but also things like API keys and digital certificates.
Doppler's platform serves as an encrypted source of truth, allowing teams to organize their app secrets across projects and environment and roll back changes where necessary. Users can create references to frequently-used secrets in Doppler and get alerts via Slack and Microsoft Teams when things change.
Doppler's command-line interface knows which secrets to fetch based on the project directory. And it automates secret syncing, requiring developers to update secrets only once.
Growing industry
The benefits of secrets management are clear. According to a 2019 report commissioned by ThycoticCentrify — which, it should be noted, is a secrets management software vendor — 57% of respondents said they'd experienced a security incident related to exposed secrets from insecure DevOps processes. 1Password pegs the cost of a company losing control of its secrets at $1.2 million in revenue per year.
Judging by the early traction, companies are indeed seeing the value in products like Doppler's. Vallelunga says that Doppler has 16,000 organizations as customers including Puma, Hopin, Toast and OnDeck and is serving more than 1.5 billion secrets every month.
Of course, Doppler isn't alone in competing for enterprises' dollars to manage secrets. Vallelunga sees HashiCorp Vault as Doppler's closest rival, but there's also AWS Secrets Manager, the aforementioned 1Password and Google Cloud's Secret Manager, among others.
Grand View Research predicts that the password management market alone will be worth up to $2.05 billion by 2025.
Image Credits: Doppler
As in any industry, expanding the addressable market for secrets management will require convincing holdouts to embrace new software and technologies. One source, Ekran systems, a threat monitoring software vendor, estimates that only 10% of organizations were using secrets management solutions as of 2019.
Vallelunga's strategy is to invest heavily — and simultaneously — in engineering and product development. Doppler will more than double its workforce from 22 to 50 by the end of the year and launch new features including a “pull request” flow for secrets, he says. Other additions will include “secrets rotation” and “dynamic secrets” to, in Vallelunga's words, “give organizations a way to move off of long-lived static secrets.” As the names imply, a dynamic secret is generated on-demand while a static secret is defined ahead of time.
“[These capabilities] предоставит разработчикам и их командам инструменты, необходимые для проверки критических изменений в их секретах в масштабе», — продолжил Валлелунга.
CRV возглавила серию A Doppler с участием GV, Sequoia Capital и Y Combinator, а также бизнес-ангелов, включая генерального директора GitHub Томаса Домке, генерального директора Datadog Оливье Помеля, основателя Twilio Эвана Кука и генерального директора Postman Анкита Собти. На сегодняшний день стартап привлек $28,8 млн капитала.