Paradox is the global leader in leveraging conversational AI to transform how large global employers like McDonald's, 7-Eleven, Nestlé, General Motors, and Marriott International get hiring work done — streamlining the recruitment process by automating repetitive tasks like answering candidate questions, screening for job requirements, scheduling interviews, collecting feedback, and more. In just 6 years, the business has scaled to more than 700 employees and more than 1,000 clients, helping those organizations dramatically reduce time-to-hire and save hiring teams countless hours of manual work, so they can spend more time with people, not software.
Paradox’s existing infrastructure, initially built years ago, had evolved into a highly complex environment that was difficult to manage and scale. As the company grew, the legacy systems became a bottleneck, limiting the team’s ability to handle increased traffic and workloads efficiently. The Paradox team faced significant challenges as it sought to modernize its infrastructure. As part of their modernization effort, the team embarked on an ambitious migration to Kubernetes for container orchestration. This required modern configuration and secrets management. Their existing homegrown solution accumulated technical debt, and couldn’t support the needs of a modern tech stack.
"We set out to do a very large infrastructure migration, moving from older infrastructure that was effective but not sufficient for our growing needs. The old system was not Kubernetes compatible, and we needed a solution that integrated natively with Kubernetes to support our migration and operational goals."
Paradox's secrets and configuration management processes were largely manual, handled by a homegrown tool that was becoming inadequate for the team’s growing needs. It was both time-consuming and error-prone and contributed to growing secrets sprawl. The difficulty of accurately tracking and managing changes across environments increased the risk of misconfiguration.
“The main issue with our homegrown tool was its organization,” Dan reflects. “It evolved with the product and company, rather than being intentionally built with proper architecture and support. We ended up with secrets and configs across multiple projects. Some configs were copied, some referenced, and others were not needed at all. This made it impossible to know what was being used or where. Any change risked impacting other users and tenants, creating uncertainty and potential issues.”
Implementing precise access controls was a critical challenge. The homegrown tool lacked robust role-based mechanisms, resulting in overly restrictive access policies that impacted development. Integration with tools like Okta for single sign-on (SSO) and Terraform for infrastructure-as-code (IaC) management was essential.
The Paradox team needed a solution that could scale with their growth and require minimum maintenance. "In the past, I've used AWS Secrets Manager and HashiCorp Vault, but both required a lot of manual configuration," Dan notes. "We are a small DevOps team supporting over 250 developers, and we simply don't have the bandwidth to manage these tools manually.”
“As we examined Paradox's needs, it became clear that solutions like Vault were too complicated. Vault’s Kubernetes integration was overly opinionated, dynamic access was complex, and the configuration was cumbersome. We needed something that didn't require a dedicated team to manage it."
Paradox chose Doppler for its robust secrets and configuration management capabilities, particularly its integration with Kubernetes. Doppler was quick and easy to deploy, minimizing the burden on Paradox's small DevOps team. With its real-time sync with Kubernetes, Doppler enabled the Paradox team to manage their secrets securely without investing additional resources. This was crucial for a team with limited bandwidth. Dan notes, "Doppler plugs into all the tools we needed. Integrating with Kubernetes was simple, and it allowed us to focus on our migration at a faster speed."
By automating secrets management, Doppler significantly reduced the manual effort required from the DevOps team. This was a game-changer for Dan enabling the team to focus on more strategic initiatives rather than getting bogged down in manual configurations. Doppler provided a streamlined process for developers to access and manage secrets, significantly improving productivity. By using Doppler CLI, developers could inject secrets directly into their development environments securely and efficiently. Additionally, Doppler’s support for secret versioning and rollback capabilities ensured that developers could manage and update secrets without fear of inadvertently causing issues in the production environment. This feature was particularly valuable in maintaining stability and quickly recovering from any inadvertent changes.
"Doppler is the fundamental tool we use to manage secrets and configurations. It takes care of these tasks for us seamlessly, eliminating the need for manual configuration or backend management. We don't have to worry about it, it just works.
Doppler's robust security features, including fine-grained access controls and comprehensive audit logs, addressed Paradox’s need for enhanced security of access and compliance. Doppler’s integration with Okta for single sign-on (SSO) ensured that access to secrets was tightly controlled and easily managed. Dan explains, "Our goal was to grant access to secrets where needed and restrict access where not needed.” The ability to audit access and changes comprehensively gave Paradox the assurance that their secrets were managed securely and that they could meet stringent compliance requirements. Doppler's role-based access control (RBAC) further ensured that only authorized personnel had access to specific secrets.
“Adopting Doppler wasn't primarily a productivity move, though it has made changing configurations much easier, which is significant. The main focus was on improving stability, uptime, and access control.”
Doppler enabled Dan and his team to modernize their infrastructure and move to Kubernetes at a record pace. When the team initially evaluated Doppler, they estimated that building their own solution with Vault or AWS Secrets Manager would have added 6-8 months to the MVP release and an additional year for the full feature set. Adopting Doppler reduced their time to MVP by 50% and accelerated the full feature set by 75%. This significant time savings allowed Dan and his team to focus on the Kubernetes migration.
The ease of deployment and real-time synchronization significantly eased the migration process. Paradox was able to complete their Kubernetes migration faster than initially planned, ensuring minimal disruption to their operations.
Doppler has also enabled us to move to Kubernetes at an impressive speed. Our small team of five managed to migrate our entire application stack to Kubernetes in about nine months, despite having many other responsibilities.
Doppler has become the single source of truth for secrets and configuration values across more than 1,000 systems. It centralizes the lifecycle of thousands of secrets and configurations for dozens of applications across many environments.This centralization and automation have drastically reduced the manual effort required to manage secrets and configurations. As a result, Paradox's engineering teams no longer spend valuable time on these tasks, allowing them to focus on more strategic initiatives.
“Secrets management occupies a small fraction of our time, but it commands a disproportionately large amount of our concern. We are deeply committed to ensuring it is done correctly and efficiently. With Doppler, we automated the entire secrets management process."
The robust security features of Doppler, such as fine-grained access control, comprehensive logging capabilities, and integration with Okta, have enhanced Paradox's security posture. Looking ahead, Dan plans to utilize automated secret rotation to minimize long-lived credentials and help Paradox adopt zero-trust security practices. With Doppler, they can ensure that secrets are only accessible by authorized entities, preventing lateral movement and reducing the risk of unauthorized access. “The real value lies in ensuring uptime and compliance. When changes are made, it’s crucial that they don’t break anything,” concludes Dan.
"Doppler is a fundamental part of our strategy to move towards a zero-trust model. It has been instrumental in ensuring that we truly don't need to trust people. With features like automated secret rotation and comprehensive access controls, we are well on our way to achieving our enhanced security and compliance goals.”
Trusted by the world’s best DevOps and security teams. Doppler is the secrets manager developers love.