Hyper, acquired by Whop, is a visionary payment infrastructure. It allows users to monetize online communities. The use of the platform is free, enabling groups to employ their payment and authentication systems to sell access to Discord servers and software products. Additionally, they have a REST API, which provides a way for users to charge usage fees for any software on any platform. Hyper generates revenue by receiving a percentage of the processing of each transaction.
The portal is completely customizable, giving users the freedom to design unique experiences. Its partners include Stripe, Cop Network, Nexus Bot, and Slash.
CEO Ben Botvinick founded the company in 2020, and thus far, it has processed over $5 million for its customers. In a fast-paced technical genre, Ben and his team had various challenges associated with .env files. This is their story on how they found the right tool to automate and eliminate the issues once caused by .env files.
The use of .env files is prevalent for developers. They are “secrets” holders that are simple but come with many issues regarding security, as they store confidential information, including API credentials. The files themselves are not a risk but rather their configuration, how they're shared, accessibility, and handling are what make them bad for managing secrets.
Additionally, the company had a large amount of .env files that were often incorrect or outdated and had no way to version control or automate the process, which wasted time. Hyper defined several areas in which .env files were problematic in the areas of both security and productivity.
Ben said, “The new developer would receive an .env file from the team. In many instances, it was out of date or missing a secret or configuration. Then this would lead to blocking of the new developer.
”This situation was a frustrating experience that stopped the new developer from beginning work or gaining access to the correct information.
Outside of onboarding, sharing .env files was anything but smooth. Changes would occur, but there was no central hub for these secrets, nor did users communicate the updates. Their current solution was to send a new .env file via Slack, with the assumption that everyone would update independently. There was no way to verify if they did or did not until an incident.
“If one thing changes without someone knowing, it can bring everything down,” Ben noted.
A local .env setup was not conducive to their infrastructure. They have eight individual web apps with APIs consuming over 100 configurations and secrets across multiple cloud providers. In many cases, the app or API may run across different cloud providers for redundancy reasons. If you have these components residing separately, an update to the configurations has to be applied manually across the board.
It was time-consuming, with developers basically working in silos. To scale their operations, Hyper couldn't depend on individual updates. It wasn't feasible. It was painful, but the team “got used to it” per Ben, thinking it simply was unavoidable.
When something goes wrong on an app, the investigation to fix it begins. For Hyper’s team, troubleshooting was troubling. They had to hunt across different cloud providers. “We had to compare the config values and secrets of each cloud provider to find the discrepancy, apply the fix, and redeploy,” Ben explained.
The task itself wasn’t arduous; what it represented was the risk of instability to production and a potential lack of service. Plus, Hyper didn’t want its developers jumping through troubleshooting hoops when they could be building and shipping new features. These issues, Ben and his team would soon learn, were preventable.
Ben and his team had a variety of .env challenges. They had workarounds for their issues, but those impacted productivity and led to greater security risk exposure. They set out to find a better way to manage .env files.In finding Doppler, one of the first things that Ben noticed was that everything would be in sync across environments. He also appreciated that there would be alerts to confirm this. With this feature, the Hyper team also mitigated human error risk, which was concerning when they had to manage secrets manually.
Doppler enabled Hyper to create a new simplified process, which Ben described as:
With this new process, Ben said they were able to onboard a new engineer in two minutes, not two hours. “Providing access to the Doppler dashboard was all they needed. They could enter certain environments based on permissions. Doppler makes it so much easier for all our engineers.”The pain points of the old process soon disappeared with Doppler solving:
“Doppler was something I wish I had when freelancing. It’s not just something that benefits organizations because just having everything in one spot is crucial. Doppler syncs everything, and in one command, I know exactly what environment variables are in each environment.”
The implementation of Doppler began by using integrations to auto-sync changes made in Doppler to Vercel, Heroku, and AWS Secret Manager. In doing so, they rid themselves of the pain of .env files. Ben said, “AWS Secrets Manager is too painful to use in development. We can move away from it, with Doppler being the source of truth. We can switch cloud providers and still sync secrets.”
One of the most essential features for Ben and his team is the dashboard. Accessing secrets and audit logs is crucial. They can roll back a misconfiguration in seconds with ease. Ben noted that many secrets manager tools only focus on security, which is vital, but forget about the management part. Doppler fills both needs for Hyper.
Next, Ben built an auto-detection of secrets changes in Doppler. It triggers apps to restart or redeploy to pick up changes (e.g., changing rate limits in .env var or rolling API key). In the example of rate changes, storing the config and secrets in Doppler was the fastest way to deploy changes when speed was critical.
In talking about life after Doppler, Ben emphasized how much the tool changed the way they work with .env files and secrets management. Hyper realized more productivity benefits as well. Rolling an API key before Doppler took at least an hour, and that was time that they weren't spending on more high-level work. It’s time-intensive because it required checking every app and environment to ensure the rolled API key value was updated.
It’s also been key to increasing uptime and reliability. Ben shared, “We had a five-to-six-hour outage, which required a change in config and rolling it out to the team. This hasn’t happened since using Doppler because we can change the API key in one location.”
Ben has a true passion for creating software and platforms that meet the needs of Hyper’s customers. He fully embraces automation as a means to simplify operations while also improving processes. He shared with us some great advice for other organizations. On DevOps automation, he said,
“Automate as much as possible. Focus on automation to remove manual, time-consuming tasks, which are usually prone to error.”
He also sees Doppler as part of the “no code” movement. He puts the tool in this category because secrets sync to any platform, and apps auto restart after a secret or config change. Thus, no manual work is necessary. With this functionality, Ben said,
“Your engineers should focus on building and shipping that increase business value. Doppler serves as a productivity and cost-saving tool because it completely eliminates manual work and processes.”
Trusted by the world’s best DevOps and security teams. Doppler is the secrets manager developers love.