August 2021 Summaries
6 posts from Doppler
Filter
Month:
Year:
Post Summaries
Back to Blog
The author's journey in software development and developer marketing began at Sun Microsystems, where they helped shape the way people interact with software. After Sun was acquired by Oracle, they joined a digital agency, building from scratch and learning to scale. However, they realized that working in larger organizations didn't allow them to build from the ground up and mold their initiatives as they wanted. They then worked on various projects at startups, growing adoption of products through digital means. Eventually, they joined HashiCorp but felt an opportunity was missing. They were approached by Doppler, a company helping developers secure and manage secrets & environment variables, and after a series of interviews, they accepted the Head of Growth role, feeling a strong connection with the team's passion for building a product that solves a problem for people who love using it. The author attributes their successful career progressions to extrinsically motivated opportunities and recognizes the importance of finding a company where they can define a strategic vision with a clean slate.
Aug 24, 2021
1,459 words in the original blog post.
Mauro Chojrin's article discusses the importance of securely storing sensitive information, such as database credentials and API keys, in web applications. He explains that hardcoding these values directly into code is not recommended due to its limitations and potential security risks. Instead, he suggests using external files, environment variables, or a secrets manager like Doppler to store and manage sensitive data. The article covers various ways to implement this approach, including using .env files, Docker, and custom PHP configurations. It also provides sample code and examples for different scenarios, including Laravel applications and integrating with tools like Laravel Forge. Overall, the article aims to provide a comprehensive overview of the best practices for securely storing secrets in web applications.
Aug 20, 2021
2,485 words in the original blog post.
How to Set Environment Variables for a Python Django Application using Apache and mod_wsgi in Docker
This tutorial helps developers configure Python applications hosted with Apache and mod_wsgi running in Docker using environment variables for app configuration and secrets. It provides a step-by-step guide on how to achieve this, including the use of custom start scripts, Apache site configurations, and Dockerfiles. The tutorial covers both scenarios where Doppler is used to fetch secrets and when an `.env` file is used instead. With this knowledge, developers can now host their Python applications with Apache and mod_wsgi in Docker while keeping app configuration and secrets secure and well-organized.
Aug 16, 2021
1,149 words in the original blog post.
The key to protecting against accidental secret leakage is a two-pronged approach that involves both Secure Secrets Management and Secrets Leakage Detection. This can be achieved through the use of an encrypted, audited, and controlled secrets manager, as well as continuous scanning of environments for signs of leaked credentials. Solutions like Doppler and Truffle Security are working to detect and prevent secret leaks, while also providing user-friendly and approachable solutions for managing sensitive data. By quickly responding to detected leaks, rotating out compromised credentials, and giving attackers minimal time to exploit them, organizations can minimize the risks associated with secret leakage and keep their secrets secure.
Aug 08, 2021
305 words in the original blog post.
If an engineering leader asked you "How we are protecting ourselves against the accidental leakage of secrets?", what would you say? It's not an easy question to answer, especially for those more on the Developer side of DevOps who often don't have a background or focus on security. The answer emerging is a two-pronged offensive strategy with Doppler addressing secrets management and Truffle Security detecting and preventing accidental leakage of secrets and credentials. A recommended solution for enterprise companies looking for instant remediation is Doppler, which provides an approachable and usable secrets management solution that allows for quick response, revocation, and rolling of leaked credentials. This partnership between Truffle Security and Doppler gives attackers the least possible chance of getting their hands on valid credentials before leakage has been detected and credentials revoked.
Aug 07, 2021
279 words in the original blog post.
The Kubernetes Hardening Guidance Report, produced by the National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA), provides guidance for cluster administrators to minimize risks in their Kubernetes environments. The report details critical threats to Kubernetes security and offers hardening techniques for three key areas: container and pod scanning, running containers with restrictive privileges, and network security recommendations. By following these guidelines, cluster administrators can improve the overall security posture of their Kubernetes clusters.
Aug 04, 2021
127 words in the original blog post.