Launch HN: Doppler (YC W19) – Easily manage your env vars and secrets

222 points by bvallelunga, over 4 years ago
Brian here - I am one of the creators of Doppler and I’m pumped (and kinda nervous!) to share it with HN.

Doppler is an easy way to manage and share environment variables and secrets -- things like API keys, database credentials, feature flags, and configuration like a port or a hostname. We’ve heard it's “GitHub for secrets”.

While working at Uber and small startups, managing app config via env vars really sucked. Simple options like .env files were a nightmare to keep updated. Enterprise tools like HashiCorp Vault and AWS Parameter Store felt like we were stuck using FTP instead of Dropbox!

For the past 2 years, we’ve been heads-down building a secrets manager we actually want to use. For our customers, it's now their central source of truth for secrets and app configuration. They use Doppler to quickly organize and sync secrets with teammates and across infra, from local to prod on every stack. It has the features you'd want in a secrets manager, like sharing, audit logs, versioning, and integrations with major cloud providers (AWS, GCP, Heroku, Docker, Netlify, Laravel Forge, etc.).

We’re deeply committed to strong security controls and highly available infra. Best-practices like data tokenization, security driven design, and external pentests help keep us secure: https://doppler.com/security. And fully managed encrypted fallbacks in your infra means your secrets are always available, even in the rare case we aren’t.

To support our community, we’re committed to offering a community plan that's free forever for unlimited users. Paid plans start at $6/seat/month.

For visual learners like me, here's a 4-min video of us installing Doppler: https://vimeo.com/447918575.

Take a look if you're curious: https://doppler.com. Let us know what you think!

38 comments

antoncohen, over 4 years ago
This is awesome! The interface looks great, it is the UX I want. It boggles my mind why the major cloud providers who have parameter/secret management don't optimize their UX for the 90% use case of "I have an app, it runs in multiple environments, I want to vary the config by environment, and expose the config as environment variables, all with a simple and easy to audit interface".

On the feature request front, I'd like to be able to vary the config by location (e.g., region, but could be zone, rack, etc.). It is common to have a production app deployed to multiple regions (as Doppler itself does), and it is likely that 80% of the config will be the same between regions, but there may be region specific settings.

Which leads to the next thing I want, a hierarchy of config precedence: app default -> app+env -> app+env+location. So that the common settings don't need to be duplicated. Right now my guess is that to use Doppler with multiple regions I'd create environments like "prod-us-central1" and "prod-us-east1", but then 80% of the config will be the same between them.

Another thing that can be nice is to have a canonical value, and have multiple apps point to that value instead of having their own copy of the value. For example if you have a "production DB host" you can set that once, and multiple apps can point their DB_HOST or DATABASE_HOST at the "production DB host" canonical value. That way when the "production DB host" changes, it only needs to be changed in one place.
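
The precedence hierarchy and canonical values requested in the comment above, sketched as an added Python example; it is not part of the thread and is not Doppler's implementation. The `ref:` marker, the scope tuples, the hostnames and the `resolve` function are assumptions made for illustration.

```python
REF_PREFIX = "ref:"  # hypothetical marker meaning "use the canonical value"

# Constructed sample data: one canonical value shared by two apps.
CANONICAL = {"production DB host": "db-prod.internal.example"}
LAYERS = {
    ("billing",): {"PORT": "8080", "LOG_LEVEL": "info"},
    ("billing", "prod"): {"DB_HOST": "ref:production DB host",
                          "LOG_LEVEL": "warn"},
    ("billing", "prod", "us-east1"): {"CACHE_HOST": "cache.us-east1.example"},
    ("reports", "prod"): {"DATABASE_HOST": "ref:production DB host"},
}


def resolve(canonical, layers, app, env, location):
    """Merge app default -> app+env -> app+env+location, then follow refs.

    Returns {key: (value, scope_that_set_it)} so every value is auditable.
    """
    merged = {}
    # Least specific scope first; more specific scopes override it.
    for scope in ((app,), (app, env), (app, env, location)):
        for key, value in layers.get(scope, {}).items():
            merged[key] = (value, "+".join(scope))

    resolved = {}
    for key, (value, origin) in merged.items():
        if value.startswith(REF_PREFIX):
            name = value[len(REF_PREFIX):]
            if name not in canonical:
                # Fail closed: never ship the literal "ref:..." string.
                raise KeyError(f"{key} set in {origin}: no canonical {name!r}")
            value = canonical[name]
        resolved[key] = (value, origin)
    return resolved


if __name__ == "__main__":
    config = resolve(CANONICAL, LAYERS, "billing", "prod", "us-east1")
    for key in sorted(config):
        value, origin = config[key]
        print(f"{key}={value}  # set in {origin}")
```

Recording the scope that set each key keeps the merged result easy to audit, and a dangling reference raises instead of being passed to the application as a literal string.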

arsalanb, over 4 years ago
This is great! I tried to use Vault and it just was a nightmare to get started (they seem to have improved now, in their defense). The more impressive thing here is that it democratizes access to safe env var/secret management by not requiring a devops background to understand how this works (Vault docs have a whole ton of newly coined terms which you must understand in order to use this, which was just too much for me—a self-taught web developer)

Kudos to the team for the launch! This is a beautiful product that solves a real problem in an elegant way!

kbyatnal, over 4 years ago
This is very neat - my favorite part so far is being able to synchronize local .env across all developers instantly. We currently use 1Password as a hacky solution for this, which is a bit of a pain.

I saw the demo video which looks great - one question though, how does this work with Heroku add-ons? If you configure Heroku Postgres for example, a DATABASE_URL env var gets automatically added. This variable can change (e.g. when Heroku applies a patch to your DB and restarts it). Is the sync two way, or do you expect applications to have two sets of environment variables (split across Doppler and Heroku)?

nyrulez, over 4 years ago
Landing page does not address the elephant in the room: security and trust. I can't imagine mentioning in our security policy/audit that we store secrets with a third party and Doppler doesn't seem to be talking about this aspect, just ease of use. But this isn't a photo sharing app.

gingerlime, over 4 years ago
Congrats on the launch. Great to see more products in this space.

I'm also familiar (but never used) Envkey, which I think might also be from the YC alumni? but I'm not sure...

Shameless plug: I created an open-source tool called envwarden[0], which is really just a simple wrapper around the Bitwarden[1] CLI (also open-source). envwarden helps you manage your server secrets and other variables inside your Bitwarden password manager.

Definitely not as polished as neither Doppler nor Envkey, but just another (open) alternative I guess :)

[0] https://github.com/envwarden/envwarden

[1] https://bitwarden.com/

temuze, over 4 years ago
I agree that AWS Parameter store isn't great... that's why we use Chamber: https://github.com/segmentio/chamber

Chamber is an open source wrapper for AWS Parameter Store. You add a secret by doing:

`chamber write ENV_NAME SECRET_NAME SECRET_VALUE`

And when you want to execute a command with those values in your environment...

`chamber exec ENV_NAME -- yarn start:prod`

Parameter Store comes with auditing tools and versioning. Chamber uses KMS for encryption. Also, you can control permissions (including namespacing) with IAM.

My question is - what does Doppler provide that would make me want to switch? I'm weary about letting someone else own our secrets.

neximo64, over 4 years ago
You have to give Doppler your secrets which is absolutely crazy. Is there a self hosted version?

How does it fare against Vault? Vault is self hosted and open source.

Does everyone in this thread know the founder or something? No one is asking these and they're in my view the absolutely most important questions.

tompic823, over 4 years ago
Tom here from Doppler. I'm a founding engineer at Doppler and work on most of our security. Feel free to hit me with any security questions about our product, philosophy, etc.

kenanpulak, over 4 years ago
We were using AWS SSM previously which got exponentially more difficult to manage with each service we added, we had stumbled upon Doppler while spinning up a new service and decided to give it a shot. We've been using Doppler for over a year and it's saved us a lot of developer hours on managing secrets and improved our dev workflows significantly.

makethetick, over 4 years ago
Congratulations on the launch.

A few months ago I wrote about how I solve this problem (https://www.viadog.com/replacing-environment-variables-aws-secrets/) and it works nicely for a small team with a small number of projects but this looks like a very nice solution when starting to scale a little bigger.

Good luck going forward!

daddykotex, over 4 years ago
I don't write much on Hacker News, I'm much of a reader. But...

Your product looks great. I watched the demo on the home page and I'm impressed.

I'm definitely going to give a try. The developer integration seems awesome.

Congratulations on the release.

blago, over 4 years ago
I have been looking for something like this for years. I can't wait to give it a try on my next personal project. Thank you!

adar, over 4 years ago
Nitpicky typo alert on the pricing page:

> Doppler empowers engineers and their teams too quickly set up a secure way to store and manage their sensitive application secrets like API keys, database urls, certifications, etc... through a dashboard, API, and command line tool.

should be "to quickly".

Best of luck with the launch, I'll definitely try it out.

aliswe, over 4 years ago
Checked this out and to be honest I'm completely stoked. We've been looking for a solution to our secrets nightmare and this just might be it.

Question, is it possible to rename the default local environment to "local"? dev means something else at our place ...

meagher, over 4 years ago
Looks great!

What happens if Doppler is down or if there is a SNAFU when syncing the env in production?

blntechie, over 4 years ago
Congrats on the launch!

This space is definitely evolving with how many environment configs and creds teams have to maintain for all their environments and services.

I’m only familiar with Secrets Manager and Parameter Store and will check this out. Unfortunately, our customers are not going to be early adopters of this service but if it does the job well, this is something I can try and recommend them in future.

kkwtfeliz, over 4 years ago
You leaked your yoda translate api key in the video (31wiU[redacted]AQeF)

fimoreth, over 4 years ago
Sounds interesting, but could you explain to me why I should use this over something like Azure KeyVault?

candiddevmike, over 4 years ago
Why would someone use this over Vault or SOPS? Your (somewhat condescending) "stuck using FTP instead of Dropbox" is a very poor characterization. I think you've entered into a very busy space without bringing anything new to the table.

heymartinadams, over 4 years ago
We’ve been using Doppler for a few months in development so far, and I can tell you, it’s a game-changer. The thing that stands out is that Doppler is a technology in its own category — analogous to what Airbnb is to the travel industry or what Uber/Lyft is to transportation. As far as I know, nothing else exists like it, and yet it’s incredibly useful.

Have been in touch with one of Doppler’s co-founders and he’s been extremely helpful in integrating Doppler for us to use with NextJS (hosted on Vercel). Way to go on giving attention to your customers. We’ll be using Doppler for life, that’s for sure.

shay_ker, over 4 years ago
Interesting. Couple Q's:

- Is this basically the config management that's in Heroku, but it's possible to use with anything else?

- Any plans for open source? I think that's a big reason why people use Vault, or roll their own.

chrisacky, over 4 years ago
Is the primary use-case only for configuration secrets?

Would it be suitable for a use-case where we manage (hypothetically) 400~ API keys, secrets, usernames etc for different use-cases. Our main application would need to be able to grab the secrets for APIs which run periodically.

I'm guessing Vault is more suited for this.. and not Doppler?

PS. My very last post on HN last week was about secrets: https://news.ycombinator.com/item?id=24625934

Bedon292, over 4 years ago
Looks really interesting, and potentially useful. I looked around, but didn't see much about a few things, which are probably not standard use cases:

Do you have thoughts about using this on other systems. Bare metal, VMWare, or maybe even a cloud service without the use of their secret manager? I know it may seem odd, but those are cases where I would think this would be even more useful.

How about the use of client certificates for user authentication. Or maybe kerberos tokens for server authentication.

davefp, over 4 years ago
Can I change my local secrets without using the web interface? I see there's a local fallback mode but it's not immediately clear if it's user updatable.

Edmond, over 4 years ago
For folks looking for alternatives, there is also confighub:

https://www.confighub.com/

armatav, over 4 years ago
I've been waiting for something this easy.

jaequery, over 4 years ago
Woah, blown away by their onboarding page after signup. Kudos for whoever came up with the concept!

lucasverra, over 4 years ago
hey there, congrats on this launch.

I'm looking for something like this for login passwords that i can share with a headless browser (SaaS) service for managing authen into services.

That way i only have to trust one service and not lots of headless browser services

Can it be used that way ?

arjie, over 4 years ago
Cool product. Definitely always felt that SSM and Vault were very heavyweight solutions.

zlwaterfield, over 4 years ago
Happy user here. My favorite part is the seamless local development abilities.

megakid, over 4 years ago
This looks neat. Do you have any plans to provide a Kubernetes CRD or something else to pull/sync secrets into pods?

llarsson, over 4 years ago
I could not find anything about Terraform integration. That is something I bet many of your customers will need.

ampdepolymerase, over 4 years ago
What are your thoughts on Secrethub?

https://secrethub.io

jrochkind1, over 4 years ago
This is definitely a pain point for me, interested to check it out.

ublaze, over 4 years ago
How did you build your landing page? It's pretty slick.

quinndiggity, over 4 years ago
To be brutally honest (as if not already), Doppler makes me wonder why not simply focus on building on-top of open solutions like Vault. Considering there is no on-prem version of Doppler, you could essentially run Vault behind the scenes and provide the experience you are aiming to deliver with Doppler, giving you a marketing strategy for free ("Ready to run secret management with a focus on usability; the fastest zero to production option for 'Enterprise' secret management"), that doesn't require contrasting yourself ("We ARE Vault; it's a great tool, we made it easier"), and could even value-add or contribute back upstream (vs trying to cannibalize someone who could be your peer), and even reduces your engineering effort and the need to revalidate all the security primitives (and have 3rd parties do that for you just by their using it).

Disclaimer; I have nothing to do with HashiCorp, they've just done right by me, have been great to the community, and are always improving and learning from their mistakes. A nerve is struck when marketing tells people that they are using the wrong tool (without backing that up with data), and making comparisons to a protocol which has fallen to the wayside aside from limited use cases but otherwise is predominantly insecure.

quinndiggity, over 4 years ago
Wait wait wait, and this is paid and hosted too? Bleh, nooooo thanks. I'm not sending private and secret key material to a bunch of ex-Uber employees (gross on that point alone), but nevermind to ones who looked at the existing market, didn't understand the tool-scape, and essentially decided to roll their own crypto...

quinndiggity, over 4 years ago
Thank you for acknowledging the need for trust, self-hosting + auditability.

However, please stop trying to contrast yourself with these analogies. Owncloud and Nextcloud both have hosted OR on-prem versions

https://owncloud.com/pricing/

https://nextcloud.com/providers/