May 2026 Summaries
4 posts from Doppler
Filter
Month:
Year:
Post Summaries
Back to Blog
Doppler has introduced its latest product update, Doppler On-prem, which allows organizations to operate the platform entirely within their own managed infrastructure. This update is particularly beneficial for regulated industries and security-sensitive environments, as it provides enterprises with complete control over their secrets management while maintaining the user-friendly experience that teams appreciate. Doppler On-prem enables teams to manage secrets and backups internally, comply with stringent data residency and compliance standards, and support networks that are isolated or have restrictions. This launch caters to organizations that cannot use external SaaS tools, providing a modern solution for secrets management.
May 30, 2026
251 words in the original blog post.
In February 2026, a small startup experienced a costly breach due to a privilege escalation incident involving Google Cloud services, highlighting the critical need for effective secrets incident response. This comprehensive playbook outlines a structured approach for engineering teams to handle such incidents, following guidance from NIST SP 800-61 Rev. 3 and CSF 2.0. The playbook covers the detection of anomalies, analysis of the blast radius, containment through credential revocation, safe rotation of new credentials, historical cleanup of exposed secrets, and post-incident reviews to prevent recurrence. It emphasizes the importance of assigning clear roles and responsibilities, such as incident leads and blast radius analysts, to ensure efficient handling and compliance with regulations like GDPR. Each phase is designed to minimize downtime and prevent breaches, with a focus on using centralized secrets management to streamline credential updates and ensure robust security practices.
May 25, 2026
2,506 words in the original blog post.
In March 2026, a series of supply chain attacks compromised five widely used open-source projects, including Trivy, KICS, LiteLLM, Telnyx, and Axios, highlighting vulnerabilities in the software ecosystem that affected millions of applications. These attacks typically involved breaching trusted tools upstream and executing malicious code with legitimate privileges during routine installations, resulting in the exfiltration of sensitive credentials like cloud credentials, SSH keys, and database connection strings. The extent of damage was heavily influenced by where these credentials were stored; companies that centralized their credentials effectively minimized the blast radius of the attacks. To prevent such incidents, it is crucial to adopt strategies like monitoring for anomalous behavior, using canary credentials to detect unauthorized access, and ensuring rapid credential rotation upon compromise. Additionally, security measures such as scoping workflow permissions, auditing tool privilege levels, and pinning dependencies to commit SHAs can help mitigate these risks. Despite these precautions, organizations are advised to assume that some dependencies may eventually become compromised and to structure their credential management accordingly, emphasizing a zero-trust architecture that centralizes and automates credential management to limit potential damage.
May 18, 2026
1,750 words in the original blog post.
The text provides a comprehensive guide to building secure and scalable Model Context Protocol (MCP) servers, emphasizing the importance of robust security practices in production environments. It outlines key security principles, such as least privilege, credential isolation, defense in depth, rotation readiness, and auditability, which are essential for maintaining resilient systems. The guide discusses the architectural components necessary for secure MCP servers, including containerized runtimes, centralized secrets management, network isolation, and structured monitoring. It highlights the importance of multi-user access controls, incident response strategies, and zero-downtime credential rotation to mitigate risks associated with credential leaks and unauthorized access. Additionally, the text provides practical patterns for managing secrets, such as using Doppler and Kubernetes for centralized secrets management and employing proxy patterns for multi-user deployments. The guide concludes with a pre-production security checklist and a rollout plan to help organizations implement these security measures effectively, ensuring that MCP servers support growth while maintaining high security standards.
May 11, 2026
3,536 words in the original blog post.