WEBVTT 1 00:00:02.160 --> 00:00:05.280 Here we go, Warren, how are you just jumping right 2 00:00:05.360 --> 00:00:07.120 into those personal questions? 3 00:00:08.359 --> 00:00:10.839 I know right who? I can't remember who the guest was. 4 00:00:12.119 --> 00:00:15.480 We had a guest on it was earlier this year, 5 00:00:16.239 --> 00:00:18.760 and I asked her because we do like a little 6 00:00:18.760 --> 00:00:20.760 prep before we start recording, and I say, you know, 7 00:00:20.839 --> 00:00:25.160 there's no like stumped chump questions. Everything should be laid 8 00:00:25.199 --> 00:00:27.679 back in conversational. And I asked her how she was 9 00:00:27.679 --> 00:00:29.239 doing and she's like, I thought you said there would 10 00:00:29.239 --> 00:00:30.399 be no hard questions. 11 00:00:30.559 --> 00:00:32.799 I was like, oh my bad. 12 00:00:32.920 --> 00:00:35.079 I had the right answer here. Actually, I was planning 13 00:00:35.119 --> 00:00:37.079 for this the whole day and then you went and 14 00:00:37.079 --> 00:00:40.960 you asked me, and I totally forgot what it was 15 00:00:41.159 --> 00:00:43.320 that I was going to say here, So. 16 00:00:43.679 --> 00:00:44.399 You know, thanks for that. 17 00:00:44.920 --> 00:00:50.560 Yeah, yeah, that's that's why I'm here, joining us back 18 00:00:50.600 --> 00:00:55.119 after a long break. And she just dropped offline. I'll 19 00:00:55.159 --> 00:00:58.880 just foreshadow it. Jillian is back as a co host 20 00:00:58.920 --> 00:01:01.320 on the show, but she's had audio issue, so she'll 21 00:01:01.359 --> 00:01:05.120 be joining us later in the episode, but then also 22 00:01:05.640 --> 00:01:09.680 joining us today as our special guest, Brian valaalonga from Doppler. 23 00:01:09.799 --> 00:01:10.560 Brian, how are. 24 00:01:10.480 --> 00:01:13.560 You I'm doing well? Great to be here, dude. 25 00:01:13.319 --> 00:01:17.040 I'm excited to have you looking forward to this conversation 26 00:01:17.079 --> 00:01:21.680 because we're going to be talking about secrets management, which men, 27 00:01:21.719 --> 00:01:24.120 there's so many different ways to deal with that, so 28 00:01:24.200 --> 00:01:27.799 I'm excited to hear what your take on that is. 29 00:01:27.879 --> 00:01:30.159 But before we get into that, could you give our 30 00:01:30.200 --> 00:01:33.439 listeners a little bit about your background and how you 31 00:01:33.519 --> 00:01:34.760 got to this point in your life. 32 00:01:35.319 --> 00:01:35.680 Yeah? 33 00:01:35.719 --> 00:01:38.159 Sure, So, I mean, I've always been a founder at 34 00:01:38.159 --> 00:01:42.359 Hearts Dopplers. I think startup number eight or nine. It's 35 00:01:42.400 --> 00:01:45.319 been quite a journey, a lot of a lot of 36 00:01:45.920 --> 00:01:49.799 companies that now looking back probably feel more like projects. 37 00:01:51.280 --> 00:01:53.959 But yeah, a lot of failures along the way. So 38 00:01:54.159 --> 00:01:55.439 I'd say is just don't give up. 39 00:01:56.719 --> 00:01:59.400 But I think for me, where Topla really got started 40 00:01:59.480 --> 00:02:02.879 was I was working and I was working on a 41 00:02:02.920 --> 00:02:04.640 side project at the time while I was at uber 42 00:02:05.000 --> 00:02:07.120 in my free time, and it was a crypto machine 43 00:02:07.159 --> 00:02:11.159 learning marketplace, kind of like all the buzzwords in one 44 00:02:11.439 --> 00:02:16.199 and I could not funding was guaranteed, right, you would think, 45 00:02:16.319 --> 00:02:19.000 and you would think that customers were guaranteed. But turns 46 00:02:19.039 --> 00:02:22.439 out I was just a little too early and none 47 00:02:22.439 --> 00:02:24.400 of that was guaranteed at all. If anything, it was 48 00:02:24.520 --> 00:02:26.879 really freaking hard to get it off the ground. I 49 00:02:26.919 --> 00:02:28.840 felt like pushing a boulder up a hill. You move 50 00:02:28.919 --> 00:02:31.159 one foot forward and slipped five feet back from exhaustion. 51 00:02:31.520 --> 00:02:32.240 It just sucked. 52 00:02:33.919 --> 00:02:36.199 And which is funny because like, now there's a company 53 00:02:36.240 --> 00:02:38.800 today that just like is enormously successful doing like ninety 54 00:02:38.840 --> 00:02:41.759 nine percent of what we did. But that's just how 55 00:02:41.759 --> 00:02:43.879 it works, Like you gotta time it correctly, and we didn't. 56 00:02:45.159 --> 00:02:46.960 But yeah, I was working on that for a long 57 00:02:47.000 --> 00:02:53.120 time and I was just getting frustrated, and so I 58 00:02:53.159 --> 00:02:55.080 realized at some point I was never going to be 59 00:02:55.080 --> 00:02:56.800 able to get this thing off the ground, and so 60 00:02:56.879 --> 00:03:00.199 I started looking at the proms I was facing while 61 00:03:00.280 --> 00:03:05.159 running it and managing environment variables, API keys, database URLs, 62 00:03:05.159 --> 00:03:09.680 and other sensitive information that typically is used to like 63 00:03:09.680 --> 00:03:12.199 can figure an application, like I kept struggling with it 64 00:03:12.240 --> 00:03:14.240 felt really weird to share with the contractor. At one 65 00:03:14.280 --> 00:03:15.879 point in time, it's like, oh, are they gonna walk 66 00:03:15.879 --> 00:03:18.560 away with my crypto keys that I can't like really change, 67 00:03:18.800 --> 00:03:20.879 and then all the customers are relying on us to 68 00:03:20.960 --> 00:03:24.319 keep securely and then like we drop crypto one point, 69 00:03:24.319 --> 00:03:26.240 and we were using like Stripe for pay and processing, 70 00:03:26.560 --> 00:03:28.479 and we had the stripe production key in staging the 71 00:03:28.479 --> 00:03:30.400 Stage one and PROD and took us a month to 72 00:03:30.400 --> 00:03:33.840 realize why we weren't doing any transactions. So we were 73 00:03:33.919 --> 00:03:36.400 up in an operational and could not do a transaction, 74 00:03:37.039 --> 00:03:38.599 and it took us so long to figure that. It 75 00:03:38.680 --> 00:03:40.879 was just like so many of these like like face 76 00:03:40.960 --> 00:03:43.280 palm moments where it's like, damn that that sucked. 77 00:03:44.439 --> 00:03:44.919 And so I. 78 00:03:46.560 --> 00:03:49.680 Go back to I go back to this in San Franisco, 79 00:03:49.759 --> 00:03:51.960 to this dinner that had a whole bunch of founders 80 00:03:51.960 --> 00:03:56.960 and developers, and I'm like, hey, am I a shitty engineer, 81 00:03:56.960 --> 00:03:58.520 is a world broke? And I just can't tell anymore. 82 00:03:58.560 --> 00:04:03.199 You tell me real problem. And they were like, yeah, 83 00:04:03.280 --> 00:04:05.240 this is a real problem. We're all struggling with the two. 84 00:04:05.960 --> 00:04:07.960 And that's what kind of got us started. And after 85 00:04:08.000 --> 00:04:10.560 that we started building the MVP, which took a couple 86 00:04:10.560 --> 00:04:13.439 of weeks, and on the fourth week we got some 87 00:04:13.479 --> 00:04:15.479 set of customers and then we were off the races 88 00:04:16.800 --> 00:04:17.079 right on. 89 00:04:17.199 --> 00:04:19.319 I mean, that's a quick turnaround to have to be 90 00:04:19.399 --> 00:04:21.519 onboarding customers on your fourth week. 91 00:04:22.240 --> 00:04:24.959 Oh yeah, we were. We were like, speed is the 92 00:04:25.000 --> 00:04:27.079 only thing that gives us a permission to survive here 93 00:04:27.360 --> 00:04:30.160 these not We're going to get slaughtered, And so we 94 00:04:30.240 --> 00:04:35.199 just moved incredibly quickly, like there were many many days 95 00:04:35.199 --> 00:04:37.519 with no sleep. I mean, Doppler was you was our 96 00:04:37.839 --> 00:04:40.480 we were the first customer of our own product. Before 97 00:04:40.519 --> 00:04:42.639 we even had a dashboard in a UI. We would 98 00:04:42.720 --> 00:04:45.360 just only use it with the with the API, and 99 00:04:45.480 --> 00:04:47.680 whenever I needed to change secrets, I would literally go 100 00:04:47.680 --> 00:04:50.160 into the database and edit the secrets before the h 101 00:04:50.279 --> 00:04:51.160 the encryption step. 102 00:04:51.439 --> 00:04:56.519 So it's like, right on, that's awesome. 103 00:04:56.560 --> 00:04:58.879 So just to put things in context, you kind of 104 00:04:58.959 --> 00:05:03.439 hinted to it, but let's clarify what we mean by secret. 105 00:05:03.519 --> 00:05:09.279 You mentioned, you know, API keys, database, URL's passwords. Obviously, 106 00:05:09.560 --> 00:05:13.199 what kind of things fall into the scope of secrets management. 107 00:05:13.759 --> 00:05:14.959 Yeah, this is a great question. 108 00:05:16.480 --> 00:05:20.480 I generally recommend it's anything that configures the application, and 109 00:05:20.519 --> 00:05:22.040 I know that can go even into a little bit 110 00:05:22.040 --> 00:05:23.600 of extreme, Like some people on the call could be like, 111 00:05:23.680 --> 00:05:26.639 what about my port? Is my port really a secret? 112 00:05:27.199 --> 00:05:30.079 And my answer here would be yes. And the reason 113 00:05:30.120 --> 00:05:32.240 why is because if you have to start making a 114 00:05:32.319 --> 00:05:35.439 decision about what's a secret and what's not, then you're 115 00:05:36.319 --> 00:05:38.319 you could be wrong. And the one time you're wrong. 116 00:05:38.360 --> 00:05:40.399 That could lead to the company dying or some like 117 00:05:40.399 --> 00:05:43.759 crazy event happening. So instead, I say, my view is, 118 00:05:43.800 --> 00:05:47.680 anytime you're configuring an application with a variable of some type, 119 00:05:48.240 --> 00:05:50.680 an a pike or poor to a logging statement, whatever 120 00:05:50.680 --> 00:05:53.240 it is, treat all of it the same and treat 121 00:05:53.240 --> 00:05:55.600 it all as the most sensitive thing possible. That way, 122 00:05:55.600 --> 00:05:59.079 you're kind of offloading this decision making and you're saying, Okay, 123 00:05:59.120 --> 00:06:01.000 we're just gonna do the most cure thing by default, 124 00:06:01.199 --> 00:06:03.240 and so we're reducing our chances of a bat event 125 00:06:03.279 --> 00:06:06.800 happening by by what every engineer now kind of like 126 00:06:07.040 --> 00:06:08.759 randomly deciding what's a secret and what's not. 127 00:06:10.480 --> 00:06:12.959 That's a good point because I think that adds to 128 00:06:13.199 --> 00:06:16.160 a lot of the complexity I've had managing secrets in 129 00:06:16.160 --> 00:06:20.000 the past, is defining Okay, we do our configure variables 130 00:06:20.040 --> 00:06:22.439 over here, but then our secrets you're over here. And 131 00:06:22.680 --> 00:06:25.439 you've just in hindsight now that you said that, I 132 00:06:25.519 --> 00:06:29.480 just doubled my workload for really no no real good reason. 133 00:06:29.839 --> 00:06:32.519 And usually they end up being like two completely different systems, 134 00:06:32.839 --> 00:06:34.879 and so now it's even harder to track of like 135 00:06:35.000 --> 00:06:37.120 which one to one in which system it's not like 136 00:06:37.199 --> 00:06:39.199 it's like there's like a branching point that you like 137 00:06:39.240 --> 00:06:41.319 can like track that and have a review around it. 138 00:06:42.680 --> 00:06:44.920 And so a lot of times now you're just hoping. 139 00:06:44.759 --> 00:06:46.560 And praying every engineer in the company kind of just 140 00:06:46.560 --> 00:06:48.839 makes the right decision at all times, which, like we're 141 00:06:48.839 --> 00:06:51.199 all humans, We're most like at some point in time, 142 00:06:51.279 --> 00:06:53.160 someone is going to make a mistake. The problem is 143 00:06:53.199 --> 00:06:55.519 that mistake could cost the company big time and. 144 00:06:55.439 --> 00:06:56.199 All of its users. 145 00:06:56.839 --> 00:07:00.720 Yeah, so a really important point there, I think is 146 00:07:01.360 --> 00:07:04.120 not really worth like really worth diving into for a second. 147 00:07:05.160 --> 00:07:08.000 So I really like this topic because I actually have 148 00:07:08.120 --> 00:07:11.639 a conference talk that I've been doing for a couple 149 00:07:11.639 --> 00:07:15.240 of years now specifically about teaching about secrets management and 150 00:07:15.399 --> 00:07:17.600 all the different strategies out there, and there's like quite 151 00:07:17.920 --> 00:07:21.360 a few of them. Secrets manager, the cloud providers have 152 00:07:21.800 --> 00:07:24.920 key management services, there's like open source faults and whatnot. 153 00:07:25.319 --> 00:07:28.560 And the sad story is the only real strategy that 154 00:07:29.120 --> 00:07:32.399 works in theory is something like bring your own keys, 155 00:07:32.480 --> 00:07:35.639 where things are secured by default, and the number of 156 00:07:35.680 --> 00:07:37.959 providers out there that support that, Like I know we 157 00:07:38.040 --> 00:07:40.319 do at authors like let our customers bring our own keys, 158 00:07:40.319 --> 00:07:42.519 like the number of customers out there that are working 159 00:07:42.560 --> 00:07:45.519 with a provider, even like something as important as Strife 160 00:07:45.720 --> 00:07:47.879 or even some of the cloud providers, they don't support that, 161 00:07:47.920 --> 00:07:50.040 Like you can't bring your own keys to any of 162 00:07:50.079 --> 00:07:52.879 those critical systems. It's sort of ridiculous that this is 163 00:07:52.879 --> 00:07:55.759 the world we live in of only bad options are available. 164 00:07:57.199 --> 00:07:57.879 Yeah, it is. 165 00:07:58.040 --> 00:08:00.439 I mean I would say, like where we really now? 166 00:08:01.160 --> 00:08:04.120 I agree with you that it's really we're living in 167 00:08:04.160 --> 00:08:08.120 a world of bad options. Doppler tries to and obviously 168 00:08:08.160 --> 00:08:10.800 I'm biased because I found Adoptler. I'll just call that out, 169 00:08:10.879 --> 00:08:15.199 but like I think that just so anyone knows, but 170 00:08:15.319 --> 00:08:16.920 I do think that, like you can get to a 171 00:08:16.959 --> 00:08:17.720 pretty good state. 172 00:08:18.560 --> 00:08:19.759 And then I would say where the. 173 00:08:19.720 --> 00:08:21.360 World's going in a second, one I can talk about 174 00:08:21.639 --> 00:08:26.120 is like the ideal state, but at least a Doppler. 175 00:08:26.120 --> 00:08:28.160 We went through a lot of iterations, like we rebuilt 176 00:08:28.199 --> 00:08:31.839 the product from scratch like three times, and what we 177 00:08:32.000 --> 00:08:35.000 realized is that you're never gonna be able to get 178 00:08:35.039 --> 00:08:38.039 developer ad option unless you make vegetables taste like candy 179 00:08:38.080 --> 00:08:40.440 and vegetables being the security can you be in the 180 00:08:40.440 --> 00:08:41.440 developer productivity. 181 00:08:41.679 --> 00:08:42.960 Developers are never gonna use it. 182 00:08:43.360 --> 00:08:45.720 Developers are children in this scenario because it. 183 00:08:51.480 --> 00:08:56.440 So right, but yeah, you gotta, you gotta. It's it's 184 00:08:56.440 --> 00:08:59.879 really around like are are you taking energy from them? 185 00:09:00.200 --> 00:09:02.840 You giving them energy in a way, right, Like developers 186 00:09:03.000 --> 00:09:04.960 want to stay and flow state. They want to be 187 00:09:05.039 --> 00:09:08.080 super productive, and if you can help them be more productive, 188 00:09:08.080 --> 00:09:10.639 if you can give them like a tailwind, then they 189 00:09:10.639 --> 00:09:13.039 will love your tool and they'll use it regardless of 190 00:09:13.080 --> 00:09:16.279 the security benefits. But if you give them headwinds, well 191 00:09:16.320 --> 00:09:20.039 they're gonna run away from you because they don't like that, understandably. 192 00:09:20.399 --> 00:09:23.039 And so for us, that was our trick to making 193 00:09:23.120 --> 00:09:26.960 it a tool that developers truly loves. The company gets 194 00:09:26.960 --> 00:09:29.840 security benefits is give them about two hours a week 195 00:09:29.960 --> 00:09:33.279 of productivity games and there's a whole host of ways 196 00:09:33.279 --> 00:09:34.320 we do that. We don't have to get into that 197 00:09:34.360 --> 00:09:37.159 on this call, but like that was the fundamental reason 198 00:09:38.080 --> 00:09:40.440 that I think doubt war has become somewhat successful in 199 00:09:40.480 --> 00:09:43.440 helping developers want to manage their secrets better. It's not 200 00:09:43.480 --> 00:09:45.720 about forcing them to, it's about getting them to want 201 00:09:45.759 --> 00:09:49.600 to do it. And then I think I mentioned before, 202 00:09:49.799 --> 00:09:53.120 like where it's going in the ideal state, we're moving 203 00:09:53.120 --> 00:09:58.000 to this world of like identity based seek, like identity 204 00:09:58.000 --> 00:10:01.399 based authentication. And so the idea here is like with 205 00:10:01.559 --> 00:10:04.559 like we have something like pass key, where like you 206 00:10:04.600 --> 00:10:06.840 can scan your fingerprint or scan your face and get 207 00:10:06.840 --> 00:10:09.600 into another system with just your email address and that 208 00:10:09.679 --> 00:10:12.320 like fingerprint or that face ID, and that's called passkey. 209 00:10:12.320 --> 00:10:14.799 It's getting rolled out across like all these major sites today. 210 00:10:15.320 --> 00:10:18.279 That's gonna start happening with secrets like API keys. Instead 211 00:10:18.279 --> 00:10:21.080 of having this API key, you'll have like this identity 212 00:10:21.120 --> 00:10:23.879 and so the fact that you're on your laptop or 213 00:10:23.879 --> 00:10:27.440 in an AWS cluster, you'll automatically be authenticated to stripe 214 00:10:27.440 --> 00:10:30.399 in the future. And that's like a really powerful thing. 215 00:10:30.720 --> 00:10:32.960 And my guess is it will be like a little 216 00:10:33.000 --> 00:10:35.039 bit difficult to set up without like a proper secrets 217 00:10:35.039 --> 00:10:37.360 manager like Doppler, But once it is set up, it'll 218 00:10:37.360 --> 00:10:39.480 be seamless, like you're just in the machine and it 219 00:10:39.519 --> 00:10:42.600 just works. You're automatically authenticated and there's nothing else you 220 00:10:42.639 --> 00:10:44.919 need to do, and there's now no worry about actually 221 00:10:44.960 --> 00:10:48.200 losing this secrets, which can cause a breach or anything 222 00:10:48.240 --> 00:10:48.519 like that. 223 00:10:48.879 --> 00:10:50.279 It'll just be secured by default. 224 00:10:50.639 --> 00:10:54.480 Yeah, for sure, So that scenario sounds to me a 225 00:10:54.519 --> 00:10:57.840 lot like or like very similar to the open id 226 00:10:58.320 --> 00:11:03.320 connect platform. We use that a lot with our GitHub integration. 227 00:11:03.480 --> 00:11:07.519 So the way that works for anyone who's not familiar 228 00:11:07.519 --> 00:11:12.159 with it is GitHub. When your GitHub action runs, it 229 00:11:12.200 --> 00:11:17.440 sends an authenticated request to your AWS environment. ABS validates 230 00:11:17.480 --> 00:11:20.759 that request, and then issues back a temporary set of 231 00:11:20.799 --> 00:11:24.600 credentials tied to a specific role that has been set up. 232 00:11:24.679 --> 00:11:29.600 So now your GitHub action has permissions inside your AWS 233 00:11:29.639 --> 00:11:32.519 account to do only the things that are permitted by 234 00:11:32.600 --> 00:11:35.960 that role and only within the timeframe set by those 235 00:11:36.039 --> 00:11:38.279 keys that were issued to it. And it is a 236 00:11:38.320 --> 00:11:40.159 pain in the pain and he has to set up, 237 00:11:40.440 --> 00:11:44.200 but like, once it's set up, it's so seamless and 238 00:11:44.279 --> 00:11:48.039 smooth and you never have to you never have to 239 00:11:48.080 --> 00:11:50.120 lie to your security guys and say, oh, yeah, we 240 00:11:50.240 --> 00:11:51.120 rotated the keys. 241 00:11:51.240 --> 00:11:51.919 Absolutely. 242 00:11:52.799 --> 00:11:55.320 I really liked that you brought this up, actually, because 243 00:11:55.759 --> 00:11:59.039 the canonical name that you called it was open id connect, 244 00:11:59.159 --> 00:12:02.679 which isn't wrang and the like GitHub and AWS jumped 245 00:12:02.720 --> 00:12:05.360 on oi DC as the acronym for it for making 246 00:12:05.360 --> 00:12:09.159 this work, and that's not what open idconnect is at all, 247 00:12:09.240 --> 00:12:11.440 but that's what all these providers are calling it the 248 00:12:11.480 --> 00:12:15.440 canonical term ridiculously is actually known as workload identities, and 249 00:12:15.480 --> 00:12:19.399 they're sourced from the some trusted location. So in this case, 250 00:12:20.360 --> 00:12:23.519 you're having your aw's account trust GitHub as a source, 251 00:12:23.720 --> 00:12:27.519 and then your workload is getting its own temporary identity 252 00:12:27.559 --> 00:12:30.799 which can authenticate to your cloud profighter. And yeah, for Charlotte, 253 00:12:31.279 --> 00:12:33.840 this is the dream come true of bring your own keys. 254 00:12:34.159 --> 00:12:37.000 Workload identity is being able to be passed from wherever 255 00:12:37.039 --> 00:12:40.039 you're running to whatever the third party application is that 256 00:12:40.080 --> 00:12:42.799 you're integrating with without ever needing to do anything else 257 00:12:42.840 --> 00:12:46.639 other than potentially sharing a public key exchange, because I 258 00:12:46.639 --> 00:12:48.879 think that's still going to need to be a manual 259 00:12:48.919 --> 00:12:50.360 step by everyone involved. 260 00:12:51.399 --> 00:12:53.320 How does that line up with the future as you 261 00:12:53.360 --> 00:12:54.240 see it, Brian. 262 00:12:54.759 --> 00:12:59.559 It's very close. I think we need some. 263 00:13:01.039 --> 00:13:03.840 Player, and I think Doppler is going to be that 264 00:13:03.879 --> 00:13:06.799 middle player that kind of acts as like the network 265 00:13:06.879 --> 00:13:10.960 highway for everyone. So I'll give you an example. Let's 266 00:13:10.960 --> 00:13:13.840 just say you're an AWS. We're gonna make it super 267 00:13:13.879 --> 00:13:17.720 seamless to be connected from AWS to Doppler, and so 268 00:13:17.759 --> 00:13:20.120 anytime you're in AI of US, you're automatically authenticated to 269 00:13:20.120 --> 00:13:22.360 Doppler with all the right roles, permissions and all that stuff. 270 00:13:23.639 --> 00:13:26.240 And then you're gonna also want that because you're a 271 00:13:26.320 --> 00:13:29.320 Doppler to be connected automatically to Stripe, to Twilia, to 272 00:13:29.360 --> 00:13:32.639 your database, to the ten thousand other services you're using. 273 00:13:33.120 --> 00:13:35.519 And so now you're gonna get this beautiful world where 274 00:13:35.519 --> 00:13:39.759 you don't have to configure all these individual relationships painfully 275 00:13:39.799 --> 00:13:43.679 in AWS. Instead, you'll set up one relationship with Doppler, 276 00:13:43.759 --> 00:13:45.639 and then Dopper will kind of give you a seamless 277 00:13:45.639 --> 00:13:48.000 way to like manage the rest, and so you kind 278 00:13:48.000 --> 00:13:50.120 of get this like one to one and then one 279 00:13:50.120 --> 00:13:51.840 to many. Right, So, the fact that you're an a 280 00:13:51.919 --> 00:13:54.320 of us, you're not authenticated Dopper, which means you're authenticated 281 00:13:54.320 --> 00:13:56.000 to Stripe, and it all just kind of like works 282 00:13:56.000 --> 00:13:58.360 seamlessly in the background, like Dopper kind of like fades 283 00:13:58.399 --> 00:14:00.799 away and it's like just opera and completely in the 284 00:14:00.840 --> 00:14:04.440 shadows and giving you that authentication to all the services 285 00:14:04.480 --> 00:14:06.799 that you care about. And that's kind of like the 286 00:14:06.840 --> 00:14:10.559 world we see ourselves playing in in the future. 287 00:14:12.159 --> 00:14:13.679 Right on what. 288 00:14:15.320 --> 00:14:17.440 You know, did anybody like ever use party lines or 289 00:14:17.440 --> 00:14:19.000 anything when they were a kid and you'd have to 290 00:14:19.039 --> 00:14:22.679 call it and they would direct you to where you 291 00:14:22.720 --> 00:14:24.240 needed to go. And then in the background, you know, 292 00:14:24.279 --> 00:14:26.240 like the nosy neighbor would be listening in on just 293 00:14:26.279 --> 00:14:28.519 everybody's call and would know everything that was going on. 294 00:14:30.240 --> 00:14:34.360 That nosyas nosy neighbor was my grandma. She was always 295 00:14:34.399 --> 00:14:35.120 on their listening. 296 00:14:35.879 --> 00:14:38.200 Yeah, I had I had some mounts like that too. 297 00:14:38.720 --> 00:14:41.039 They always knew what was up. And let's stop for 298 00:14:41.200 --> 00:14:42.240 Doppler knows what's up too. 299 00:14:43.759 --> 00:14:45.840 We try as hard as possible not to know what's 300 00:14:45.919 --> 00:14:52.159 upment you're looking for. 301 00:14:52.799 --> 00:14:55.000 Right, Nice save Brian Nice. 302 00:14:58.120 --> 00:15:00.679 I think in like reality, we we'll end up thing is 303 00:15:00.720 --> 00:15:04.759 like we will like offload the like we'll giving because 304 00:15:04.759 --> 00:15:06.960 while the relationship with Stripe or any of these services, 305 00:15:07.279 --> 00:15:09.000 it'll all just get encrypted at the end day, and 306 00:15:09.039 --> 00:15:10.639 we'll just try to make sure that we set up 307 00:15:10.639 --> 00:15:13.559 the encryption in a way that we can't possibly like 308 00:15:13.720 --> 00:15:16.720 read the output of because I like, for everyone's benefit, 309 00:15:16.720 --> 00:15:18.639 we don't want to be able to see that data. 310 00:15:18.919 --> 00:15:21.360 Yeah, I mean, I think the biggest problem today is 311 00:15:21.399 --> 00:15:26.279 that those serve, those products, those applications that you really 312 00:15:26.320 --> 00:15:30.039 want to have protected, have some of the worst security 313 00:15:30.200 --> 00:15:33.240 and ever. Like you used to Wripe as an example, 314 00:15:33.240 --> 00:15:35.279 and I'm not it's not the worst one there is, 315 00:15:35.360 --> 00:15:38.039 but you can't even like I can't even get SSO 316 00:15:38.200 --> 00:15:40.960 to work with Stripe, like they they don't support it anymore. 317 00:15:41.000 --> 00:15:44.279 Like literally Stripe does not support SSO, And I'm just 318 00:15:44.320 --> 00:15:47.279 like how, like why not? Like I want that to 319 00:15:47.320 --> 00:15:50.559 be integrated into my into my seam system. I want 320 00:15:50.559 --> 00:15:52.799 to be able to authenticate there and have two factor 321 00:15:52.840 --> 00:15:56.480 off through whatever provider I'm utilizing, and it doesn't support it, 322 00:15:56.519 --> 00:15:59.279 so like they don't even support that baseline. So I 323 00:15:59.320 --> 00:16:01.879 have very little faith that in the very near future 324 00:16:02.080 --> 00:16:05.080 strife will support workload identities to. 325 00:16:05.000 --> 00:16:06.879 Be able to prove that. But I mean, if we 326 00:16:06.919 --> 00:16:07.840 get there, that would be great. 327 00:16:08.000 --> 00:16:10.279 So far, the number of providers that really support this 328 00:16:10.480 --> 00:16:12.559 is just absolutely minuscule. 329 00:16:13.039 --> 00:16:15.600 So I have two thoughts around that, because we put 330 00:16:15.639 --> 00:16:17.320 a lot of time into thinking about like how do 331 00:16:17.360 --> 00:16:21.279 we get the community to My gut reed on what's 332 00:16:21.279 --> 00:16:23.799 going to happen is eventually there's gonna be an open 333 00:16:23.840 --> 00:16:25.159 protocol that everyone can. 334 00:16:25.039 --> 00:16:27.799 Like adhere to that's like pretty easy to use. 335 00:16:28.240 --> 00:16:31.200 Probably they'll be like SDKs and all the popular languages, 336 00:16:31.639 --> 00:16:34.440 and then some company or a band of secret spanagement 337 00:16:34.440 --> 00:16:36.519 companies are going to put out a leader board and 338 00:16:36.559 --> 00:16:38.879 they're going to show all the companies that do support it. 339 00:16:38.879 --> 00:16:41.039 It will be kind of like the SSO tax website, 340 00:16:41.159 --> 00:16:42.600 and you kind of just like want to be on 341 00:16:42.639 --> 00:16:43.960 that list or don't want to be on that list, 342 00:16:44.000 --> 00:16:46.360 depending on how it's structured. And my hope is that 343 00:16:46.399 --> 00:16:48.919 like that will create enough peer pressure. And then on 344 00:16:49.000 --> 00:16:50.080 top of that, I'm only. 345 00:16:49.919 --> 00:16:52.840 A bet a lot of money that, like as. 346 00:16:53.240 --> 00:16:56.000 AI gets more and more sophisticated and can go from 347 00:16:56.039 --> 00:16:58.519 like being a co pilot to like a full blown engineer, 348 00:16:59.039 --> 00:17:01.559 like AI engine years and I'm talking about humans that 349 00:17:01.559 --> 00:17:03.840 are using AI to engineer. I'm talking about an AI 350 00:17:03.960 --> 00:17:08.000 that is fully capable of being an engineer. Those those 351 00:17:08.039 --> 00:17:11.400 AI agents are going to want identity based authentication and 352 00:17:11.440 --> 00:17:15.720 they will push aggressively for it, and I bet that's gonna, 353 00:17:15.799 --> 00:17:19.039 like those two things together will probably lead over time 354 00:17:19.359 --> 00:17:21.920 to like all the big players eventually like doing this 355 00:17:22.200 --> 00:17:23.440 just because they have to. 356 00:17:24.200 --> 00:17:29.599 I love your optimism, Like it's just it's just so great. 357 00:17:29.880 --> 00:17:32.680 I mean, because like today we see so many. 358 00:17:32.519 --> 00:17:35.759 People putting credentials in plain text, let alone whatever else 359 00:17:35.799 --> 00:17:37.720 we're going to call a secret, So getting them to, 360 00:17:37.799 --> 00:17:39.880 you know, go down a different path is a huge 361 00:17:39.960 --> 00:17:42.599 challenge there. And the other problem is like there is 362 00:17:42.640 --> 00:17:46.480 a bit of a standard already around the providers where they. 363 00:17:46.440 --> 00:17:46.799 Can use it. 364 00:17:46.839 --> 00:17:49.960 I think everyone could stand up any sort of open id, 365 00:17:50.559 --> 00:17:53.000 but it doesn't give them a lot of like, it 366 00:17:53.000 --> 00:17:55.359 doesn't give them money, like, it doesn't help the businesses 367 00:17:55.400 --> 00:17:57.759 grow to support that as an optional. Less some bigger 368 00:17:57.839 --> 00:18:00.680 players as yeah, we like, if you want us to 369 00:18:00.920 --> 00:18:03.079 use you, you have to support this. And I think 370 00:18:03.119 --> 00:18:04.680 the great example of that is you brought up a 371 00:18:04.720 --> 00:18:07.839 SSO tax, which I think does the wrong thing. I 372 00:18:07.880 --> 00:18:11.559 feel like it's positive reinforcement for all these companies that 373 00:18:11.599 --> 00:18:13.480 do the wrong thing. I see this leaderboard of all 374 00:18:13.559 --> 00:18:17.000 these companies, and now I read that name, and is 375 00:18:17.039 --> 00:18:20.240 there something known in psychology is called preferential attachment. I 376 00:18:20.319 --> 00:18:24.559 see this company listed there, and I forget why, Like 377 00:18:24.599 --> 00:18:27.200 I don't remember SSO tax and you remember the name. 378 00:18:27.279 --> 00:18:29.759 And then months later I got a call from one 379 00:18:29.799 --> 00:18:33.400 of their terrible salespeople trying to harass me on my 380 00:18:33.519 --> 00:18:35.759 personal phone number, saying, hey, do you want to buy 381 00:18:35.759 --> 00:18:38.599 our product? But I heard that company name before, so 382 00:18:38.920 --> 00:18:41.519 now I'm tempted to actually buy their product. Even then, 383 00:18:41.559 --> 00:18:43.880 the reason I know about them is because they were 384 00:18:43.920 --> 00:18:47.039 listed on a site that says they did the wrong thing. 385 00:18:47.240 --> 00:18:51.359 We see the same thing happen with vulnerabilities and data leaks. 386 00:18:51.599 --> 00:18:53.960 You learn about companies because they had a data leak, 387 00:18:54.000 --> 00:18:56.920 and that just actually enforces how great they must be, 388 00:18:56.920 --> 00:18:58.839 because then they send out those emails thing, oh, we're 389 00:18:58.880 --> 00:19:01.920 committed to security, we're going to change things and uh, 390 00:19:02.079 --> 00:19:04.480 and that gives you. That gives you some confidence in 391 00:19:04.759 --> 00:19:07.880 this particular company. So I think there's a special message 392 00:19:07.880 --> 00:19:09.960 that has to be sent that actually does the right thing. 393 00:19:10.279 --> 00:19:13.119 Having a group of standards can work, But if the 394 00:19:13.119 --> 00:19:16.119 companies haven't taken it on themselves to actually implement these, 395 00:19:16.519 --> 00:19:18.480 I don't like. I don't see magically that it's going 396 00:19:18.559 --> 00:19:20.000 to happen in the next ten years. 397 00:19:20.359 --> 00:19:24.440 Maybe another way to I mean I used to think 398 00:19:24.480 --> 00:19:26.440 the same thing about Pasky's, but now it's getting rolled out. 399 00:19:27.640 --> 00:19:31.160 So but on the flip side, also, this could be 400 00:19:31.160 --> 00:19:33.440 a place where like war compliance comes in, like they 401 00:19:33.440 --> 00:19:36.279