In a recent fireside chat hosted by Doppler’s CEO, Brian Vallelunga, industry experts highlighted why secrets management is now an essential aspect of modern security. The conversation featured insights from Matthew Copperwaite, Senior Cybersecurity Engineer at Financial Times; Blake Visin, Executive Director of Digital Engineering at BODi; and Jeff Barr, Senior Engineering Manager at Secureframe.
They discussed the growing need for solid secrets management solutions, particularly in the face of evolving security threats and operational complexities. Watch the full fireside chat or check out the key points:
The panelists emphasized that secrets management is no longer a luxury but a critical necessity for protecting sensitive data. Matthew Copperwaite noted that when the Financial Times evaluated its options, it became clear that many organizations still don’t recognize the importance of secrets management as part of their security infrastructure.
"We want to be in the business of solving our customers’ problems, not solving infrastructure or problems that are common across the industry. Secrets management is one of those [problems].”
Jeff Barr discussed the operational burden of managing secrets manually or through homegrown solutions. He noted that these methods often lead to significant downtime and increased toil for teams, which detracts from their ability to focus on core business functions.
"For a security and compliance company like Secureframe, we’re betting our reputation on [security]. So, we invest in tools like Doppler that protect us from being dead in the water when secrets get leaked.”
Blake Visin discussed how internal practices, such as developers sharing secrets through insecure channels, can pose significant risks. He highlighted the challenges of managing secrets across multiple environments and stressed the importance of using a centralized solution to minimize these risks.
“Most of the threats that I would consider are internal...passing secrets around through chat or email, all of those things—very bad security practices.”
The panelists agreed on several key features that an effective secrets management tool should have, including strong security and compliance capabilities, ease of use, integration capabilities with existing infrastructure, scalability, and responsive support.
Matthew shared that Financial Times initially used HashiCorp Vault for secrets management, but they faced significant challenges. Issues like the inability to recover deleted secrets and a major system outage during updates highlighted the tool's limitations. Combined with time-consuming maintenance and the impact of incidents like the CircleCI and Heroku leaks, it became clear that they needed a more reliable and efficient solution.
"We actually took down quite a lot of our environment [when using Hashicorp Vault] because we were trying to improve things... That was one of the first signs that we needed to do something better here."
Secrets management has become a cornerstone of modern security practices. As threats evolve and organizations continue to scale, the need for a robust, reliable, and developer-friendly secrets management solution is more critical than ever. By investing in the right tools and processes, businesses can protect their sensitive data, operate faster and more efficiently, and focus on what truly matters—building and delivering value to their customers.
The transition from viewing secrets management as a "nice to have" to an essential security measure marks a significant shift in how organizations approach their overall security strategy. As these experts have shown, the right approach to secrets management not only protects your organization but also empowers your teams to work more efficiently and securely.
Trusted by the world’s best DevOps and security teams. Doppler is the secrets manager developers love.