How Endear Removed the Coefficient of Friction Using Doppler

Customer Background

Endear is on a mission to change the way the retail industry thinks about connecting with customers and driving in-store and online sales. It provides the first CRM built from the ground-up for consumer brands & retailers.

"Endear's top priority for 2022 is to ensure developer productivity, code quality, and continuous security while rapidly expanding the Engineering team.” highlighted Endear’s CTO, JP Grace.

These priorities led the Engineering leadership to adopt a "DevSecOps" culture, as they started looking for opportunities to streamline CI/CD workflows while bringing application security considerations closer to the application development process.

The Challenge

Far too often, an increased focus on security results in a decrease in developer productivity and happiness.

As a result, Endear's Engineering team set a goal to enhance developers' productivity by focussing on automating previously manual and cumbersome tasks such as secrets management.

Grace and the leadership team firmly believe that they shouldn’t do any undifferentiated heavy lifting by leveraging Cloud functions, GCP, PubSub, Cloud Run, Cloud SQL, Vercel and any tool that they can leverage to enable them to focus on their core business innovations.

This mind-set paved the way for scoping the main challenges that they wanted to knock out to streamline development and focus on what matters most; their customers.

The team was managing security through GCP and local env variables, while developing custom scripts that worked quite fine until they faced several edge cases.

As they started hiring and ramping up with more engineers and integrations, security got quite complicated to manage, so the priority was to unblock the team to operate efficiently.

While Endear didn’t know how they’re going to solve the problem quite yet, they knew that there was a solution out there that is zero trust. The addition they were looking for was finding a solution that also integrates well with GitHub actions for CI/CD, Vercel for deployment, and the other tools they’re using for development. They also wanted a solution that was super easy to manage and covers the potential edge cases.

What they wanted to solve:

• Having a holistic overview that makes it easier to organize and manage secrets while developing new capabilities
• Having separate branches to develop new capabilities on top of everything else until it's merged into production and then roll out the changes across the team and environments
• If a token was ever compromised, the team would be able to immediately retire it in seconds across all environments and developers

Before Doppler

All secrets were stored in GCP's secret manager. Every time when a developer would need to work on a new capability or branch, he/she would fetch all secrets to get an updated list which gets quite repetitive and tedious.

They also built a custom script to pull all secrets from GCP and manage which secret belonged to which repo or stage; leading to complications in how secrets were being pulled from GCP.

This script also helped in storing secrets in local files with different versions so when any update is pushed to production, the team had to test locally across different env variables, resulting in working across many moving parts.

Inevitably, anytime anyone was working on a different repo, the team would run into problems getting things up and running. If a developer hadn’t worked on a repo for sometime while some changes occurred or if they forgot to pull the latest had resulted in too many edge cases following them down.

After Doppler

Shah, one of Endear’s co-founders, found Doppler and was able to get it up and running during the weekend. As soon as Shah and the team saw the benefits they’re going to get from Doppler. “It made sense to immediately adopt it on top of Endear’s framework. Doppler covered everything they wanted to do and didn’t need to see any other tools.” noted Grace.

At the end of the day, Endear's main goal is to ensure that all engineers are empowered across the entire development lifecycle for all the projects they’re working on. A huge piece of it was security and being able to iterate on security through uncomplicated processes.

With a growing R&D team and tens of repos, there’s a lot of context switching where Doppler enabled Endear to eliminate the coefficient of friction by getting things up and running.

‍Everything is updated and whenever we run doppler we see the latest version and we don't have to think about it anymore." said Grace.

What Doppler solved:

• Having a holistic overview that makes it easier to organize and manage secrets while developing new capabilities
• Having separate branches to develop new code top of everything else until it's merged into production and then seamlessly rolling out the changes across the relevant environments and team
• If a token was ever compromised, the team would be able to immediately retire it in seconds across all environments

“Doppler helped us eliminate the coefficient of friction for everything we are working on by streamlining secrets management to focus on our core business."