Securing over 1,300 secrets: Doppler powers CCI’s cancer research innovation

Customer background

The Children’s Cancer Institute (CCI) is a leader in pediatric cancer research, aiming to find a cure for childhood cancers through innovative medical research. Based in Australia, the institute combines leading-edge biological research with software engineering to process vast amounts of biological data, aiming to make breakthroughs in cancer treatment. Over the past few years, CCI has evolved its operations to integrate cutting-edge technology, significantly accelerating the pace of research and treatment development.

The challenge

CCI’s Computational Biology team, a small but highly impactful group of engineers, plays a crucial role in processing and analyzing large volumes of biological data and building tools to support cancer research. Team members wear multiple hats—handling everything from infrastructure and cybersecurity to full-stack development. As the team’s contributions have grown, so has CCI’s investment in engineering, recognizing the value of technology in advancing their research.

As CCI’s engineering operations scaled, managing secrets became a major challenge. With 30 projects spanning development, staging, and production environments, the team had to handle a growing number of secrets. Their existing solution relied on Azure Key Vault for some infrastructure secrets such as those used in CI/CD pipelines and manual processes for others, which created significant inefficiencies and increased the risk of misconfigurations. Kamile Taouk, Senior Software Engineer at CCI, realized that the current process was becoming slow, error-prone, and ultimately unsustainable for their growing needs.

“We had too many secrets to manage—about 1,300 across 30 projects—and Azure Key Vault wasn’t built for our use case.”

In addition, developer productivity was suffering. They needed a solution that could provide a better developer experience to simplify workflows and encourage secure practices across the team. “I wanted a tool that would make things easier for me as a developer,” Kamile admitted.

“If I found it easy to use, other developers would too.” Kamile emphasized. “I didn't want to get stuck with another tool that was tied to a specific cloud provider and then realize it was difficult to work with across all our different platforms.”

Managing secrets across multiple environments demanded duplicative, manual processes, creating both security risks and time drains. Secrets were often stored in static, unencrypted .env files on developers’ machines, creating potential vulnerabilities. Additionally, onboarding new engineers took up to a full day as they configured secrets manually. Knowing the team was poised to grow quickly, they knew they needed a platform agnostic solution that would provide centralized, secure, and environment-specific secret management that could scale with their team.

The solution

After evaluating different options, CCI chose Doppler for its ease of use, flexibility, and robust feature set that addressed both their development and security needs. "Doppler enabled us to manage secrets across environments and deployments, which we couldn’t find anywhere else," Kamile explained. Doppler is used to organize deployments across all projects as well as to expedite and improve the security of the SDLC for the engineering team.

Centralized and organized secrets

Doppler addressed CCI’s challenge of scattered secrets by providing consistency across projects and environments. They could now manage shared secrets across multiple environments and reduce redundancy, replacing repetitive manual processes with a single source of truth. This centralization reduced the risk of security breaches by removing static files from individual developers' machines and providing a straightforward method for updating and referencing secrets across projects. Deployments became significantly easier to manage. Looking ahead, the team is excited to implement Config Inheritance to further streamline secrets sharing and management.

“We now reference common database secrets across all our environments, which keeps everything consistent and easy to manage. Config Inheritance will further simplify the complexity of managing shared secrets.”

Enhanced security and role-based access control

By eliminating static, unencrypted files on developer machines, Doppler strengthened CCI’s security posture. Doppler’s role-based access control (RBAC) enabled CCI to restrict access to sensitive production secrets, ensuring that only authorized personnel had the appropriate permissions. Fine-grained access control was particularly crucial as the team expanded. With Custom Roles, the team could define specific access levels, significantly improving security and reducing the risk of misconfiguration. Junior developers now work without access to production secrets, while senior engineers have the permissions they need.

“With Doppler’s RBAC and audit trail, we have complete visibility and peace of mind knowing exactly who accessed which secrets and when.”

Integration with existing infrastructure

Doppler's intuitive interface, detailed documentation, powerful CLI, and integrations with Kubernetes, Docker Compose, and Azure DevOps enabled rapid implementation without disrupting existing workflows. Service tokens simplified CI/CD pipelines by replacing multiple secrets with a single Doppler token, drastically reducing the complexity and manual work involved in deployment configurations. This significantly reduced the time engineers spent accessing and updating secrets. Developers can now access secrets with just a few commands, making the system easy for both new and experienced engineers.

"The CLI was easy to install, and our engineers had no trouble using it. Setting up Doppler was as simple as a couple of commands"

Improved developer experience

Doppler’s personal configs allowed developers to securely customize configurations for their own unique workflows without impacting shared secrets. It’s also made testing faster and more efficient. This feature was particularly beneficial for Marie Wong, Principal Bioinformatics Engineer and Data Platform Chair at CCI, who can now manage her own secrets securely while maintaining isolation from shared environments.

“Personal configs have made a huge difference. Marie can now manage her environment-specific secrets without affecting anyone else’s setup.”

The impact

Improved security posture

By eliminating static, unencrypted .env files from developers’ machines, Doppler reduced the potential for security breaches and simplified compliance with security protocols. The team now has strict control over access to production secrets. Doppler’s activity and secrets access logs provide complete visibility and control over who accesses and modifies secrets.

"We no longer have static, unencrypted files on developer machines. Everything is now secure in Doppler, and our security team is very happy that we alleviated such a big security risk."

98% reduction in time spent managing secrets

Doppler drastically reduced the time CCI’s team spent managing secrets from one hour per day to just two minutes. This newfound efficiency allows engineers to focus on high-value development and innovation, rather than tedious and routine tasks.

“Managing secrets used to take us an hour every day. With Doppler, it’s now down to just a couple of minutes.”

50% faster onboarding

With Doppler, CCI reduced onboarding time for new engineers from a full eight-hour day to four hours, helping new engineers quickly access and configure necessary secrets. As their team grows, this time savings supports a more efficient scaling process when new projects and environments are added, making it easy for new hires to get started.

"We’ve doubled the size of our engineering team, and without Doppler, onboarding would have been a nightmare. Onboarding new team members used to take us eight hours, but with Doppler, it’s now down to four.”

The partnership ahead

As CCI explores advanced research, including Large Language Models (LLMs) and AI-driven data analysis for cancer research, Doppler will provide the secure infrastructure needed to manage sensitive data and workflow configurations in these cutting-edge projects.

“We’re experimenting with LLMs to analyze biological data, and managing secrets will be crucial as these projects transition from research to production,” Kamile explained. “We expect Doppler to play a key role in securing our AI environments as we push the boundaries of pediatric cancer research.”

Kamile’s team plans to expand Doppler’s usage to additional teams within the institute, including researchers who need controlled access to sensitive data. Doppler helped shine light on gaps in current protocols such as rotating secrets regularly and responding to data breaches. With a stronger secrets management process in place, they realize cost savings by minimizing the risk of a breach or a leak and are ready to take it a step further with automated rotation. As their infrastructure evolves, Doppler will be pivotal in supporting CCI’s mission to cure childhood cancer.

“We’ve only scratched the surface of what Doppler can do,” Kamile said. “We’re excited to explore more features like change requests and secrets rotation as our needs grow.”