Secrets management, or the use of tools to access and create digital authentication credentials, was growing in adoption before the pandemic. But as health crises forced companies to move online, secret management became an indispensable part of operations. According to a 2021 1Password survey, 65% of businesses now have more than 500 secrets, while 18% have more than they can count.
However, managing secrets tends to be a tedious and expensive task, with DevOps and IT workers responding to the 1Password survey saying they spend an average of 25 minutes each day managing secrets, at an annual payroll expense of approximately $8.5 billion. The search for solutions to the challenge has spawned startups like Doppler, which offers a service developers can use to manage and secure secrets, specifically application secrets, “at scale” in enterprise environments. Doppler announced today that it has raised $20 million in Series A funding to further develop its secrets synchronization capabilities.
“Existing secrets management tools are designed by security engineers, for security engineers…these tools are cumbersome to use and don’t focus on the developer experience,” co-founder and CEO Brian Vallelunga told TechCrunch by email. “After substantial investigation, [I started] working on a ‘SecretsOps’ platform designed for developers and their teams [that became Doppler].”
Doppler is Vallelunga’s fifth startup after Laborate (a classroom collaboration app), Juicy (an “anonymous” social network), Burl Apps (a mobile app incubator), and Miza (an advertising platform that bypasses ad blockers). He also did a stint as a software engineer at Uber, where he worked on the app security team.
Thomas Piccirello, the other co-founder of Doppler, was previously a software engineer at BlackRock and founded a cloud-based insurance claims management startup (AI Insurance). Vallelunga and Piccirello met after Doppler joined Y Combinator’s W19 cohort.
“The ability to securely store, transmit and audit secrets has never been more critical, as a minor mistake can lead to catastrophic results,” CRV general partner Murat Bicer, a Doppler investor, said in a statement. “In a world where putting a single space in the wrong place can literally bring down a company’s entire website, Doppler makes it easy to prevent leaks and outages with its developer-centric approach.”
“Secrets” in the context of app development refers to anything about an app that a developer wants to keep secret. This could include passwords and credentials, but also things like API keys and digital certificates.
Doppler’s platform serves as an encrypted source of truth, allowing teams to organize their application secrets across projects and environments and roll back changes when necessary. Users can create references to frequently used secrets in Doppler and be alerted via Slack and Microsoft Teams when things change.
Doppler’s command line interface knows which secrets to look for based on the project directory. And it automates secret synchronization, requiring developers to update secrets only once.
The benefits of secret management are clear. According to a 2019 report commissioned by ThycoticCentrify, which, it should be noted, is a provider of secrets management software, 57% of respondents said they had experienced a security incident related to exposed secrets from insecure DevOps processes. 1Password pegs the cost of a company losing control of its secrets at $1.2 million in revenue per year.
Judging by the initial traction, companies are actually seeing value in products like Doppler’s. Vallelunga says that Doppler has 16,000 client organizations, including Puma, Hopin, Toast and OnDeck, and delivers more than 1.5 billion secrets each month.
Of course, Doppler isn’t alone in competing for corporate dollars to manage secrets. Vallelunga sees HashiCorp Vault as Doppler’s closest rival, but there’s also AWS Secrets Manager, the aforementioned 1Password, and Google Cloud’s Secret Manager, among others.
Grand View Research predicts that the password management market alone will be worth up to $2.05 billion by 2025.
As in any industry, expansion of the addressable market for secrets management will require convincing holdouts to adopt new software and technologies. One source, Ekran Systems, a provider of threat monitoring software, estimates that only 10% of organizations were using secrets management solutions as of 2019.
Vallelunga’s strategy is to invest heavily and simultaneously in engineering and product development. Doppler will more than double its workforce from 22 to 50 by the end of the year and launch new features, including a “pull request” flow for secrets, he says. Other additions will include “secret rotation” and “dynamic secrets” to, in Vallelunga’s words, “give organizations a way out of long-running static secrets.” As the names indicate, a dynamic secret is generated on demand, while a static secret is defined in advance.
“[These capabilities] will give developers and their teams the tools they need to review critical changes to their secrets at scale,” Vallelunga continued.
CRV led Doppler’s Series A with participation from GV, Sequoia Capital, and Y Combinator, as well as angels like GitHub CEO Thomas Dohmke, Datadog CEO Olivier Pomel, Twilio founder Evan Cooke, and Postman CTO Ankit Sobti. The startup has raised $28.8 million in capital to date.