Doppler Inc., the provider of a developer-centric secrets management platform for apps, today announced that the company raised $20 million in new early-stage funding led by CRV to scale out its features.
Existing investors Google Ventures, Sequoia Capital and Y Combinator also participated in the Series A round.
In developer parlance, “secrets” represent anything in code that needs to remain under wraps such as passwords, encryption pass phrases, digital credentials and application programming interface keys. They can include anything that if a third party got access to could lead to the compromise of the app.
Management of secrets has become a very complex affair with the pandemic causing more teams to work remotely and collaborate across repositories and use cloud storage for applications. The result is that such secrets could be repeated across multiple cloud virtual machine instances and get out of sync if not managed properly.
Originally, developers solved this problem with “.env” files that allowed them to store and configure secrets without revealing them. However, that solution didn’t scale, Brian Vallelunga, chief executive of Doppler, told Forbes.
“Today developers work in large, complex, and fast-moving teams,” Vallelunga said. “They need a way to collaborate, organize, and sync those secrets at scale securely.”
Current secrets management options are also currently not standing up to the test of time, he explained. Primarily because they don’t address developer needs when it comes to providing collaboration tools for DevOps teams, which combine both development and information technology operations.
“The problem with these solutions is that they only tackle one part of the problem: secure storage,” Vallelunga said. “Developers also need a friendly way to organize and sync those secrets with their teams, devices, and infrastructure.”
Doppler’s product addresses these issues head on by supporting both developers and operations. It gives developers a single point of truth for their secrets so that when it changes, it changes everywhere in their code and also warns them via GitHub or Slack that something has happened to a secret if it needs to be synchronized. For operations, Doppler is designed to support multicloud deployment strategies so it fits into modern development and operation lifecycles.
“Doppler combines all of the key elements DevOps and Security teams need to control who can see and modify secrets at scale as well as an audit trail, versioning, enterprise-grade encryption, secrets rotation and dynamic secrets,” Vallelunga said.
DevOps teams can integrate Doppler directly into their workflows using infrastructure tools that they already use such as Kubernetes and Terraform. It can also work with application deployment platforms such as GitHub Actions and Vercel. Developers can expand the feature set of already existing secrets managers as well, such as AWS Secrets Manager and Azure Key Vault.
Doppler claims to have more than 15,000 customers, including athletic footwear company Puma, event management platform Hopin, ezCater, Toast and On Deck. The company also said it manages and syncs more than 1.5 secrets every day.
The company does face competition in the enterprise secrets management industry. Examples include not only AWS Secrets Manager and Azure Key Vault but also 1Password’s Secrets Automation service, Google Cloud’s Secrets Manager and HashiCorp Vault.