Confidentiality management, or the use of access tools to create digital identity cards, was increasingly taking precedence over disaster. But as health problems forced businesses to move online, privacy management has become an integral part of operations. According to 2021 1Password exploration65% of companies now have more than 500 secrets while 18% have more than they can count.
Secret management seems like a tedious and expensive endeavor, however, with DevOps and IT staff responding to the 1Password survey by saying that an average of 25 minutes is spent managing the password every day at an annual salary of around $ 8.5. billion. The search for challenging solutions has sparked startups like Doppler, which provides a service that developers can use to manage and maintain privacy – especially app secrets – in the “scales” of the business environment. Doppler today announced it has raised $ 20 million in Series A funding to further develop its secret balance capabilities.
“Existing secret management tools are designed by security engineers, security engineers kani these tools are difficult to use and do not focus on the developer experience,” founder and manager Brian Vallelunga told TechCrunch via email. After a thorough investigation, [I started] working on a SecretOps platform for developers and their teams [that became Doppler.”
Doppler is Vallelunga’s fifth venture after Laborate (a classroom collaboration app), Juicy (an “anonymous” social network), Burl Apps (a mobile app incubator) and Miza (an ad platform that bypasses ad blockers). He also did a stint as a software engineer at Uber, where he worked on the app safety team.
Thomas Piccirello, Doppler’s other cofounder, was previously a software engineer at BlackRock and founded a cloud-based insurance claims management startup (AI Insurance). Vallelunga and Piccirello met after Doppler joined Y Combinator’s W19 cohort.
“The ability to securely store, transmit and audit secrets has never been more critical as one minor error can lead to catastrophic results,” CRV general partner Murat Bicer, a Doppler investor, said in a statement. “In a world where putting a single space in the wrong place can literally take down a company’s entire website, Doppler makes it easy to prevent leaks and outages with their developer focused approach.”
“Secrets” in the context of app development refers to anything about an app that a developer wants to keep secret. This could include passwords and credentials, but also things like API keys and digital certificates.
Doppler’s platform serves as an encrypted source of truth, allowing teams to organize their app secrets across projects and environment and roll back changes where necessary. Users can create references to frequently-used secrets in Doppler and get alerts via Slack and Microsoft Teams when things change.
Doppler’s command-line interface knows which secrets to fetch based on the project directory. And it automates secret syncing, requiring developers to update secrets only once.
The benefits of secrets management are clear. According to a 2019 report commissioned by ThycoticCentrify — which, it should be noted, is a secrets management software vendor — 57% of respondents said they’d experienced a security incident related to exposed secrets from insecure DevOps processes. 1Password pegs the cost of a company losing control of its secrets at $1.2 million in revenue per year.
Judging by the early traction, companies are indeed seeing the value in products like Doppler’s. Vallelunga says that Doppler has 16,000 organizations as customers including Puma, Hopin, Toast and OnDeck and is serving more than 1.5 billion secrets every month.
Of course, Doppler isn’t alone in competing for enterprises’ dollars to manage secrets. Vallelunga sees HashiCorp Vault as Doppler’s closest rival, but there’s also AWS Secrets Manager, the aforementioned 1Password and Google Cloud’s Secret Manager, among others.
Grand View Research predicts that the password management market alone will be worth up to $2.05 billion by 2025.
As in any industry, expanding the addressable market for secrets management will require convincing holdouts to embrace new software and technologies. One source, Ekran systems, a threat monitoring software vendor, estimates that only 10% of organizations were using secrets management solutions as of 2019.
Vallelunga’s strategy is to invest heavily — and simultaneously — in engineering and product development. Doppler will more than double its workforce from 22 to 50 by the end of the year and launch new features including a “pull request” flow for secrets, he says. Other additions will include “secrets rotation” and “dynamic secrets” to, in Vallelunga’s words, “give organizations a way to move off of long-lived static secrets.” As the names imply, a dynamic secret is generated on-demand while a static secret is defined ahead of time.
“[These capabilities] will provide developers and their teams with the tools they need to review key changes in their confidentiality, ”Vallelunga continued.
CRV was led by Series A Doppler with the participation of GV, Sequoia Capital and Y Combinator as well as angels including GitHub CEO Thomas Dohmke, Datadog CEO Olivier Pomel, Twilio founder Evan Cooke and Post Manager Ankit Sobti. The startup has raised $ 28.8 million in capital to date,