WEBVTT 1 00:00:04.799 --> 00:00:07.480 Hey, folks, welcome back to another episode of the Ruby 2 00:00:07.559 --> 00:00:10.759 Rogues podcast. This week, on our panel we have Valentino Stole. 3 00:00:11.359 --> 00:00:11.519 Hey. 4 00:00:11.599 --> 00:00:15.640 Now, I'm Charles Maxwood from top End Devs and this 5 00:00:15.759 --> 00:00:21.399 week we're here with Brian Valalunga. Now, you are the 6 00:00:21.440 --> 00:00:26.039 CEO and co founder of Doppler, and that's an app 7 00:00:26.079 --> 00:00:30.640 that helps manage secrets. You probably have a better pitch 8 00:00:30.719 --> 00:00:32.840 than that, so I'll let you explain what you do. 9 00:00:33.719 --> 00:00:36.520 Hey all, it's great to be here. Yeah, Doppler is 10 00:00:36.759 --> 00:00:39.880 a secrets manager designed to be your single source treat 11 00:00:39.920 --> 00:00:44.640 for secrets across all your projects, environments, team members, and infrastructure. 12 00:00:45.159 --> 00:00:46.439 So you kind of think about it like as get 13 00:00:46.520 --> 00:00:48.560 up for secrets. 14 00:00:48.039 --> 00:00:52.200 Right, And I think I don't know. In the Ruby 15 00:00:52.200 --> 00:00:55.799 community at least where I deal with people, and especially 16 00:00:55.799 --> 00:00:58.520 in Rails, right, we kind of understand what the secrets are. 17 00:00:58.600 --> 00:01:03.119 It's your password, it's maybe your you know, you have 18 00:01:03.200 --> 00:01:05.319 your Rails master key, which gives you access to the 19 00:01:05.359 --> 00:01:09.719 secrets in Rails, but you also have like your what 20 00:01:09.879 --> 00:01:11.760 is that it's a token for your sessions. I can't 21 00:01:11.799 --> 00:01:15.920 remember what it's called anyway, So you need that secret key, 22 00:01:16.079 --> 00:01:18.719 and yeah, people can compromise your security if you don't 23 00:01:18.719 --> 00:01:25.519 have that secured. Are there things besides like passwords and 24 00:01:25.519 --> 00:01:27.680 API keys that you consider secrets? 25 00:01:28.640 --> 00:01:33.840 Yeah, outside like API keys, like a stripe token, yeahse 26 00:01:33.959 --> 00:01:36.760 rls encryption keys are typically the ones that we see 27 00:01:36.799 --> 00:01:40.280 the most. I also just like have like a general 28 00:01:41.519 --> 00:01:44.319 thought process around this of anything that's configured by the 29 00:01:44.359 --> 00:01:46.519 environment should be treated but as a secret, so it 30 00:01:46.560 --> 00:01:50.159 should be treated like the most sensitive thing. So we 31 00:01:50.239 --> 00:01:53.799 kind of tell all of or we recommend our audience 32 00:01:53.879 --> 00:01:56.920 that you should kind of treat your environment variables and 33 00:01:56.959 --> 00:01:59.120 your secrets all the same. Right, your poored in future 34 00:01:59.120 --> 00:02:01.840 flag should be treated securely as your secrets. That way, 35 00:02:01.879 --> 00:02:04.280 developers don't need to make the choice of is this 36 00:02:04.359 --> 00:02:06.560 secure or is this not? They're always just doing the 37 00:02:06.599 --> 00:02:08.919 secure thing by defaults. And then the trick is just 38 00:02:08.960 --> 00:02:12.400 make that whole workflow and tooling as developer friendly as possible. 39 00:02:12.400 --> 00:02:13.919 So they wanted to go down that. 40 00:02:13.840 --> 00:02:18.319 Path, right, So I'm just going to kind of cover 41 00:02:18.400 --> 00:02:22.520 the basics of how I do this, and then maybe 42 00:02:22.520 --> 00:02:24.000 you can tell us if there are other ways that 43 00:02:24.039 --> 00:02:27.080 you're seeing people do it. But typically these kinds of 44 00:02:27.080 --> 00:02:29.759 things where I see them and I'm sure Valentino is 45 00:02:29.800 --> 00:02:32.199 in kind of the same boat. Is they either show 46 00:02:32.280 --> 00:02:39.000 up in environment variables or they show up in the 47 00:02:39.080 --> 00:02:42.319 rail secrets or and effectively, what it is is it's 48 00:02:42.360 --> 00:02:48.120 a it's an encrypted file and so then the encryption 49 00:02:48.240 --> 00:02:51.360 key is usually put into an environment variable or you know, 50 00:02:52.800 --> 00:02:54.800 passed into the system that you're running it on on 51 00:02:54.840 --> 00:02:57.800 the other end in some way. And lately I've been 52 00:02:57.840 --> 00:03:01.479 doing my deployments with Kamal, which uses stocker, and so 53 00:03:03.120 --> 00:03:05.280 it kind of sets that all up when it sets 54 00:03:05.360 --> 00:03:09.719 up the container. But I've always kind of wondered because 55 00:03:10.000 --> 00:03:12.319 you can ask the system if you can get into it, 56 00:03:12.360 --> 00:03:14.919 what the environment variables are, So I don't even know 57 00:03:14.960 --> 00:03:16.560 if that's the best practice anymore. 58 00:03:18.719 --> 00:03:22.840 Yeah, that's pretty much the two paths that we see. 59 00:03:22.879 --> 00:03:26.560 Either some encrypted file somewhere or it's just struggling available 60 00:03:26.599 --> 00:03:31.199 in the environment. I'm a pretty big fan of if 61 00:03:31.240 --> 00:03:34.879 you're going to do the environment path or injected through 62 00:03:34.919 --> 00:03:37.520 the environment, immediately do a cleanup of the environment before 63 00:03:37.560 --> 00:03:40.680 all your other dependencies get loaded in. So like basically 64 00:03:40.680 --> 00:03:43.919 load those secrets out of the environment, then clean them 65 00:03:43.960 --> 00:03:47.319 up from the environment, then load everything else. That way, 66 00:03:47.360 --> 00:03:49.960 you can't have like a rogue dependency, go and capture 67 00:03:49.960 --> 00:03:53.240 all your secrets and then send it somewhere. The other 68 00:03:53.280 --> 00:03:55.960 path of like using a file that's encrypted, is also 69 00:03:56.000 --> 00:03:58.960 a really good path too, So I think both are 70 00:03:58.960 --> 00:03:59.439 pretty good. 71 00:04:00.560 --> 00:04:02.240 What do you do in Valentino? Is it kind of 72 00:04:02.280 --> 00:04:04.520 the same or Uh? 73 00:04:05.360 --> 00:04:09.400 We use a lot of AWS stuff to handle a 74 00:04:09.439 --> 00:04:10.080 lot of the. 75 00:04:12.080 --> 00:04:13.680 Lot a lot of secrets management. 76 00:04:13.719 --> 00:04:16.800 We have a secret there. Yeah, and then I think 77 00:04:16.839 --> 00:04:20.920 that it may even be isolated from the main environments 78 00:04:20.959 --> 00:04:26.040 too and handled that way in an isolated environment. We 79 00:04:26.199 --> 00:04:28.600 use soccer as well, so it could be like an 80 00:04:28.600 --> 00:04:31.680 isolated container that then feeds back into the other container. 81 00:04:32.360 --> 00:04:35.199 So are you I'm guessing you have your secrets stored 82 00:04:35.240 --> 00:04:38.079 on like a secrets manager, and then those secrets are 83 00:04:38.079 --> 00:04:40.439 then pushed into the container. H. 84 00:04:40.480 --> 00:04:43.319 I think so something like that. Uh, it may even 85 00:04:43.360 --> 00:04:47.839 be one step further where uh it's in a w 86 00:04:48.199 --> 00:04:51.439 S and then at like run time, it's like the 87 00:04:51.480 --> 00:04:55.000 secrets are loaded into the apps memory. Uh for the 88 00:04:55.040 --> 00:04:58.199 particular use case. I don't really know all of the details, 89 00:04:58.240 --> 00:05:01.360 to be honest, I'm not on the infrastructure team. Everyone's 90 00:05:01.360 --> 00:05:05.560 a while. We have to rotate keys and that's definitely, uh, 91 00:05:06.920 --> 00:05:10.959 you know, an easy process for us. But yeah, we 92 00:05:11.000 --> 00:05:12.680 have some command line that does it. It's not just 93 00:05:12.759 --> 00:05:14.920 like changing the environment variable. 94 00:05:16.959 --> 00:05:18.560 Sounds like you guys are pretty well set up there. 95 00:05:18.560 --> 00:05:20.800 I mean that's that's like the dream is to make 96 00:05:21.079 --> 00:05:23.839 secret trans super easy and simple but also very secure 97 00:05:23.839 --> 00:05:24.439 at the same time. 98 00:05:26.240 --> 00:05:30.160 Yeah. That makes me, uh curious because like I think 99 00:05:30.160 --> 00:05:34.319 at one time we were using forget what hash rockets 100 00:05:34.319 --> 00:05:40.160 product is, we ended up moving away from that. Yeah, 101 00:05:40.199 --> 00:05:42.439 I don't know, we were using some vendor for doing 102 00:05:42.439 --> 00:05:46.120 the secret management, but yeah, having a command line or 103 00:05:46.199 --> 00:05:49.879 some kind of central place. Uh, the command line doesn't 104 00:05:49.920 --> 00:05:54.199 even need to be your you know, your ux of choice, 105 00:05:54.240 --> 00:05:57.800 but just having the central lives place where all of 106 00:05:57.800 --> 00:06:02.959 that access points happen. It definitely helps like isolate and 107 00:06:03.120 --> 00:06:06.519 track to be honest, who's touching what and changing it. 108 00:06:08.680 --> 00:06:11.120 I don't know if Doppler has those kind of features 109 00:06:11.160 --> 00:06:14.839 as far as like tracking changes and getting the full 110 00:06:15.040 --> 00:06:19.519 logs and things like that, but that's definitely been super valuable. 111 00:06:20.240 --> 00:06:23.600 Yeah, So I think Doppler kind of comes from a 112 00:06:23.639 --> 00:06:25.639 first principal standpoint about like what is a good secrets 113 00:06:25.680 --> 00:06:27.480 manager look like? And for us, we have a couple 114 00:06:27.519 --> 00:06:30.279 of things that we deeply care about. First is that 115 00:06:30.399 --> 00:06:34.000 all your secrets are centralized in one place across your 116 00:06:34.040 --> 00:06:37.839 projects and environments. And once they're all in one place, 117 00:06:38.000 --> 00:06:40.959 we can set up pretty robust access controls, either by 118 00:06:41.040 --> 00:06:44.639 users or by groups that are policy driven. And then 119 00:06:44.839 --> 00:06:46.759 from there you get a complete audit story, so you 120 00:06:46.800 --> 00:06:49.720 know every time a son's read a secret, written a secret, 121 00:06:49.800 --> 00:06:53.560 change some settings on every device. With the ri ip address, 122 00:06:53.639 --> 00:06:56.720 you get a whole picture about everything that's going around 123 00:06:56.920 --> 00:06:58.920 or going on around your secrets. And then the other 124 00:06:59.000 --> 00:07:01.720 key part is that it's deeply connected to their workflows 125 00:07:01.720 --> 00:07:04.800 and their infrastructure. So on the workflow side, and like 126 00:07:04.879 --> 00:07:07.319 local developments, we want you to be able to edit 127 00:07:07.360 --> 00:07:09.199 your secrets side by side with your code. You have 128 00:07:09.199 --> 00:07:12.879 a vis code extension, and so those secrets actually kind 129 00:07:12.879 --> 00:07:15.199 of look like a Yami file, but they're actually not. 130 00:07:15.399 --> 00:07:19.600 It's like a something called a virtual file system, so 131 00:07:19.759 --> 00:07:21.279 it behaves like a file, but it's actually not as 132 00:07:21.279 --> 00:07:23.920 connecting a dowtware in the back end, so it's super secure. 133 00:07:24.319 --> 00:07:27.879 And then on the orchestration side for production is we 134 00:07:27.920 --> 00:07:30.519 will write into a toa secrets manager into Kubernetes or 135 00:07:30.560 --> 00:07:33.120 wherever it may be, so that your infrastructure immediately gets 136 00:07:33.120 --> 00:07:36.639 those secrets when they change and restart your deployment seed, 137 00:07:36.800 --> 00:07:37.759 you don't have any downtime. 138 00:07:38.600 --> 00:07:40.720 Yeah, I remember using a system like this way back 139 00:07:40.759 --> 00:07:42.240 in the day. I think you had to log into 140 00:07:42.279 --> 00:07:44.839 their interface or use their command line interface in order 141 00:07:44.839 --> 00:07:47.279 to edit your secrets. And I can't, for the life 142 00:07:47.319 --> 00:07:51.600 of me remember what it was called. But I played 143 00:07:51.600 --> 00:07:54.319 with it and it was cool. It was just there 144 00:07:54.600 --> 00:07:57.839 were steps to setting it up, and I'm lazy, and 145 00:07:57.920 --> 00:07:59.600 so I just went back to what I was doing. 146 00:08:00.519 --> 00:08:03.519 I for that matter, you got to make it Like 147 00:08:03.560 --> 00:08:06.000 we have this theme at Doppler, and it's it's quite simple. 148 00:08:06.000 --> 00:08:09.000 It's make vegetables taste like candy, vegetables being the security 149 00:08:09.120 --> 00:08:10.879 candy be in the developer productivity. If you do not 150 00:08:11.079 --> 00:08:13.600 make it, if the tool does not make the developers' 151 00:08:13.600 --> 00:08:15.560 lives better, Like you can't just say, hey, use this 152 00:08:15.600 --> 00:08:18.240 tool because it's more secure, like that doesn't fly, because 153 00:08:18.240 --> 00:08:20.920 developers then they care about moving fast and shipping product, 154 00:08:21.120 --> 00:08:23.079 and so you have to aid them in that you have, 155 00:08:23.199 --> 00:08:24.560 Like in our case, we try to give them two 156 00:08:24.600 --> 00:08:26.839 hours a day or sorry, two hours a week. Back 157 00:08:27.000 --> 00:08:30.399 in productivity. And so if you if you do that, 158 00:08:30.439 --> 00:08:31.920 if you give them good candy, then you'll get the 159 00:08:32.000 --> 00:08:32.639 vegetables too. 160 00:08:33.759 --> 00:08:37.840 Yeah, that makes sense. I kind of want to dive 161 00:08:37.840 --> 00:08:41.320 in a little bit more on just why we protect 162 00:08:41.320 --> 00:08:46.159 the secrets because I think we all kind of intellectually know, 163 00:08:47.120 --> 00:08:50.159 but I don't know. When I get into stuff and 164 00:08:50.200 --> 00:08:52.879 I start, you know, dealing with the secrets, it's like, oh, 165 00:08:53.000 --> 00:08:55.360 somebody got access to my like my stripe tokens. I 166 00:08:55.360 --> 00:08:57.840 mean that could be really really bad. 167 00:08:58.039 --> 00:09:01.960 It's really bad. So I like to kind of bucket 168 00:09:01.960 --> 00:09:06.120 the risk in sorry, yeah, bucket the risk into two buckets. 169 00:09:06.519 --> 00:09:08.159 The first is like the risk of the company and 170 00:09:08.200 --> 00:09:10.600 the second is the risk to people. And I think 171 00:09:10.600 --> 00:09:13.159 the company side is like pretty well understood, right, You're 172 00:09:13.159 --> 00:09:14.759 gonna have a pretty if you have a data breach, 173 00:09:14.799 --> 00:09:18.159 you're gonna have a pretty big brand hits and trust hits. 174 00:09:18.440 --> 00:09:21.480 You're gonna probably have some unexpected spend because now you're 175 00:09:21.480 --> 00:09:25.919 investing in like legal pr insurance, you may get sued 176 00:09:25.960 --> 00:09:28.120 as well, because if you're not managing your secrets, and 177 00:09:28.120 --> 00:09:29.759 the secrets are things that get leaked that leads to 178 00:09:29.759 --> 00:09:32.799 a data breach. That's just straight up negligence, and you're 179 00:09:33.240 --> 00:09:36.039 the customers are right or in their rights to sue. 180 00:09:36.200 --> 00:09:38.320 But I think the thing that's most of the time 181 00:09:38.399 --> 00:09:40.279 not talked about is like the cost to real people 182 00:09:40.639 --> 00:09:42.919 at the end day, all these companies that we use 183 00:09:43.039 --> 00:09:44.960 were trusting them to store our data and keep our 184 00:09:45.000 --> 00:09:48.039 private data private. Imagine if like every YouTube video that 185 00:09:48.080 --> 00:09:50.879 you ever saw got out, or every ride you ever 186 00:09:50.919 --> 00:09:52.799 took on an uber, every transaction you ever made on 187 00:09:52.799 --> 00:09:55.480 a credit card all got out, and actually have a 188 00:09:55.480 --> 00:09:59.080 real personal story of like how this has impacted me. Sadly, 189 00:09:59.159 --> 00:10:01.080 I've been part of a couple of data breaches now 190 00:10:01.120 --> 00:10:04.919 from some of the services I've used, and that came 191 00:10:04.960 --> 00:10:08.480 back and really bit me in an interesting way. I 192 00:10:08.639 --> 00:10:10.480 was so I just moved to Austin, Texas a couple 193 00:10:10.519 --> 00:10:14.120 of months ago and from California, and I convinced my 194 00:10:14.159 --> 00:10:16.840 mom to fly out with me and see Austin for itself. 195 00:10:16.879 --> 00:10:19.279 When we were at this barbecue joint and while we're 196 00:10:19.320 --> 00:10:23.039 eating food, I get a call from the Texas Customs 197 00:10:23.039 --> 00:10:26.279 and Borders and they say, hey, we found a packaging 198 00:10:26.320 --> 00:10:29.120 your name that has illegal money and drugs in it, 199 00:10:29.519 --> 00:10:32.720 and we're federally investigating you now. And this is like 200 00:10:32.759 --> 00:10:34.200 the phone call for me where I was like, oh shit, 201 00:10:34.279 --> 00:10:37.480 my life has just ended like from the high really 202 00:10:37.480 --> 00:10:42.120 really quickly, and I was really scared, but like also 203 00:10:42.200 --> 00:10:45.600 kind of like this is odd, like never bought anything 204 00:10:45.600 --> 00:10:50.960 from Mexico before, so like okay, and the back of 205 00:10:50.960 --> 00:10:52.679 my head, I was like, this is a scam, probably, 206 00:10:52.919 --> 00:10:55.480 But then they started rattling off all this information about 207 00:10:55.480 --> 00:10:57.360 me that they knew all the places I'd lived in 208 00:10:57.399 --> 00:11:00.960 the past, locations I had been to, like just so 209 00:11:01.440 --> 00:11:04.000 like a wealth of information about me that I was like, 210 00:11:04.240 --> 00:11:08.080 no one could possibly know this but the government, and 211 00:11:08.120 --> 00:11:10.000 so like I trusted them. I was like, okay, I'm 212 00:11:10.000 --> 00:11:14.000 actually being investigated here. And obviously we get lawyers on 213 00:11:14.039 --> 00:11:16.080 the call as well, like this becomes a really scary 214 00:11:16.639 --> 00:11:19.039 ordeal for all of us. And it wasn't until about 215 00:11:19.080 --> 00:11:22.639 like an hour in that our lawyers picked up that 216 00:11:22.759 --> 00:11:27.000 it wasn't that it was a scam. And but during 217 00:11:27.039 --> 00:11:28.639 that hour we also gave them a whole lot more 218 00:11:28.639 --> 00:11:30.919 information about me, right because we thought we would be 219 00:11:30.919 --> 00:11:33.320 investigated and they were asking questions and so like this 220 00:11:33.360 --> 00:11:36.919 is and like again I'm a CEO of a cybersecurity company. 221 00:11:37.000 --> 00:11:38.960 I'm trained on this, our employees are trained on this, 222 00:11:39.000 --> 00:11:40.720 our legal team is trained on this, and they still 223 00:11:40.720 --> 00:11:43.600 got us for an hour, Right. I can imagine every 224 00:11:43.679 --> 00:11:47.960 day Joe who's not trained could really get it attacked here. 225 00:11:47.960 --> 00:11:49.480 And like, I was lucky that all they do is 226 00:11:49.480 --> 00:11:51.399 get a little bit more information about us. But they 227 00:11:51.399 --> 00:11:53.360 were able to get that information because of other information 228 00:11:53.399 --> 00:11:56.440 that got breached, right, that bought them the credibility to 229 00:11:56.440 --> 00:11:59.360 get new information. But imagine like my mom, my sister, 230 00:11:59.480 --> 00:12:01.360 or anyone all like that who's not gone through any 231 00:12:01.360 --> 00:12:04.360 of that training, does not have legal counsel immediately readily 232 00:12:04.360 --> 00:12:06.240 available to them that can jump on the call for this. 233 00:12:06.559 --> 00:12:08.559 Oh my gosh, I cannot imagine all the information that 234 00:12:08.600 --> 00:12:09.879 I've been given up and all of a sudden, their 235 00:12:09.919 --> 00:12:13.600 bank counts are drained or the credit score is completely ruined, 236 00:12:13.879 --> 00:12:16.600 or whatever it may be. It can get really terrifying, 237 00:12:16.679 --> 00:12:18.840 really fast. And that's why I come back to Like 238 00:12:19.000 --> 00:12:20.759 whenever I see like a data region, it's like X 239 00:12:20.840 --> 00:12:23.879 millions of people's data was just got out. It's like wow, 240 00:12:24.120 --> 00:12:26.440 Like scammers are now like parading in the streets going like, 241 00:12:26.480 --> 00:12:28.279 oh my gosh, I've just got a ton of data 242 00:12:28.320 --> 00:12:29.679 that's going to get me so much more data that 243 00:12:29.679 --> 00:12:31.879 can eventually get me to like the jackput of all 244 00:12:31.879 --> 00:12:34.840 this money or whatever they're trying to go after. And 245 00:12:34.919 --> 00:12:37.399 so there's real people's lives, including mine, that have been 246 00:12:37.399 --> 00:12:39.720 impacted by this, and that is something that's like often 247 00:12:40.039 --> 00:12:42.120 not talked about at all. And so when you're a 248 00:12:42.120 --> 00:12:44.559 developer and you're like, ah, should I put this in 249 00:12:44.600 --> 00:12:46.159 a new follow or not? Or should I secure my 250 00:12:46.200 --> 00:12:48.679 secrets just one token, it's it's just a string. It's like, well, 251 00:12:48.879 --> 00:12:52.159 that string may impact a million people's lives someday, so 252 00:12:52.399 --> 00:12:53.039 to treat. 253 00:12:52.879 --> 00:12:58.360 Right right, Well, it reminds me your story a little 254 00:12:58.399 --> 00:13:01.399 bit of if you're a ghost the Wires, is it? 255 00:13:01.480 --> 00:13:03.639 Kevin Mitnick, Yeah, Kevin Minnick. 256 00:13:03.679 --> 00:13:06.200 Yeah, I've watched the movie about him. I haven't read the. 257 00:13:06.120 --> 00:13:08.399 Book, and see I didn't know there was a movie, 258 00:13:08.399 --> 00:13:11.840 but I read the book. But yeah, he talks about 259 00:13:11.879 --> 00:13:15.279 how effectively, yeah, he gets just a little bit of 260 00:13:15.360 --> 00:13:18.399 information about the next person in the chain, right, and 261 00:13:18.480 --> 00:13:23.039 so he doesn't start with the analyst or whoever, right, 262 00:13:23.519 --> 00:13:29.600 he starts with you know, the low down person on 263 00:13:29.639 --> 00:13:33.360 the totem pole. And then you know, gets enough information 264 00:13:33.399 --> 00:13:35.120 to know who the next person is and then works 265 00:13:35.159 --> 00:13:39.600 his way up and so it's yeah, it was a 266 00:13:39.639 --> 00:13:44.879 fascinating read just from the sense of yeah, you know, 267 00:13:45.559 --> 00:13:49.639 just just anyway. So yeah, so I can definitely see that. 268 00:13:52.200 --> 00:13:54.000 I think. The other thing that I worry about is 269 00:13:54.080 --> 00:13:56.279 like if I have a key to I don't know, 270 00:13:56.360 --> 00:13:59.399 like chat, GPT or something like that, somebody could run 271 00:13:59.480 --> 00:14:02.320 up my bill yep, or you know, somebody gets in 272 00:14:02.519 --> 00:14:06.320 my hosting account and you know, all of a sudden, 273 00:14:06.360 --> 00:14:09.559 I've got you know, they they breach my other stuff 274 00:14:09.600 --> 00:14:13.279 that way, and anyway. 275 00:14:13.720 --> 00:14:15.440 No, I think you're totally right. I mean, there's two 276 00:14:15.440 --> 00:14:17.960 common things that we see all the time. One is 277 00:14:18.080 --> 00:14:21.039 like some source code goes public or some email gets 278 00:14:21.120 --> 00:14:22.519 leaked and that has a secret in itto like an 279 00:14:22.559 --> 00:14:25.240 AWS account, and you'll see one of two things happen immediately. 280 00:14:25.519 --> 00:14:28.320 The first is their bill just like skyrockets in seconds 281 00:14:28.559 --> 00:14:32.679 because now they're using AWS for some other bought attack 282 00:14:32.960 --> 00:14:36.360 or for mining crypto or whatever may. That happens very 283 00:14:36.440 --> 00:14:39.720 very commonly, and it's surprisingly like how fast that that 284 00:14:39.840 --> 00:14:42.039 like that those secrets get found, Like I think there 285 00:14:42.080 --> 00:14:43.559 was like an average set that it's like within three 286 00:14:43.559 --> 00:14:46.120 to five seconds of like a rebook going public if 287 00:14:46.120 --> 00:14:48.679 it has a secret, and even in the history, it 288 00:14:48.720 --> 00:14:51.440 will get found and start getting exploited. So it's like 289 00:14:51.639 --> 00:14:56.200 very like it's it's it's it's insanely quick. And then 290 00:14:56.840 --> 00:14:58.320 the other side of it is now that they have 291 00:14:58.360 --> 00:15:01.519 access to AABS, they can start scanning all your resources. Okay, 292 00:15:01.600 --> 00:15:05.320 what execution environments are set up, what databases are set up? 293 00:15:05.320 --> 00:15:07.240 Can I get access to those database? How privileged to 294 00:15:07.240 --> 00:15:10.039 is this credential? And you start having this ripple fact 295 00:15:10.039 --> 00:15:12.279 where it's like, oh my gosh. Now, especially if it 296 00:15:12.320 --> 00:15:15.039 as like like strong super admin permissions, it can start 297 00:15:15.039 --> 00:15:17.279 creating other credentials. And now you have this like canon 298 00:15:17.279 --> 00:15:18.480 mouse game of like how do I get out of 299 00:15:18.480 --> 00:15:20.000 the system? Could have locked me out of the system? 300 00:15:21.840 --> 00:15:23.559 Are their back doors it's placing in so even if 301 00:15:23.559 --> 00:15:26.159 we remove it's still actually there. Like it gets scared 302 00:15:26.240 --> 00:15:28.200 really quickly. Once they get into the system, it's very 303 00:15:28.279 --> 00:15:29.120 very hard to get them out. 304 00:15:29.279 --> 00:15:32.679 Yeah, this always makes me wonder like because there's two 305 00:15:32.720 --> 00:15:35.320 parts of this, right, Like we have the secrets and 306 00:15:35.320 --> 00:15:38.639 then there's like the whole encryption aspect of it, which 307 00:15:38.679 --> 00:15:40.360 is on separate piece of the. 308 00:15:40.360 --> 00:15:44.360 Discussion when you say the encryption aspect of it, is 309 00:15:44.360 --> 00:15:46.480 that like how you're securing your secrets or is that 310 00:15:46.559 --> 00:15:47.519 like encryption keys. 311 00:15:47.519 --> 00:15:49.879 Well, you're I mean, ultimately, what you're using a lot 312 00:15:49.919 --> 00:15:53.080 of the secrets for I would imagine is to encrypt 313 00:15:53.200 --> 00:15:58.000 something or even to Yeah, I mean to encrypt stuff. 314 00:15:59.320 --> 00:16:01.960 You're either hiding stuff or accessing stuff is usually what 315 00:16:02.000 --> 00:16:02.440 you're doing. 316 00:16:02.840 --> 00:16:04.840 Based on the data that we have from Doppler, we 317 00:16:04.879 --> 00:16:08.159 can't see customer secrets at all, but we can get 318 00:16:08.159 --> 00:16:10.120 an auto report of the names of the secrets they 319 00:16:10.200 --> 00:16:14.000 use if they give a set permission, and from the 320 00:16:14.080 --> 00:16:17.679 data we have, it's like ninety percent of the of 321 00:16:17.840 --> 00:16:21.159 the sensitive secrets that we put in Doppler and customers 322 00:16:21.200 --> 00:16:23.320 evan ability say this is sensitive or this is not 323 00:16:24.759 --> 00:16:27.279 is actually like access token, so it's not encryption tokens. 324 00:16:27.919 --> 00:16:29.519 So it's like if you get that stripe key, you 325 00:16:29.519 --> 00:16:31.600 have it all, like you have every customer's CARDIT card 326 00:16:31.600 --> 00:16:34.480 and bank counter. Yeah in there, there's no extra layer 327 00:16:34.519 --> 00:16:34.960 of protection. 328 00:16:37.840 --> 00:16:42.320 Yeah, that's all. I always want to One of the 329 00:16:42.320 --> 00:16:45.360 the biggest things that I always hope for when I'm 330 00:16:45.480 --> 00:16:49.039 like getting a new vendor, like access token or whatever 331 00:16:49.080 --> 00:16:51.519 it may be, is that they like have some kind 332 00:16:51.519 --> 00:16:55.840 of like you know, white list stability with like either 333 00:16:55.879 --> 00:16:59.279 their domain like a domain key, or some kind of 334 00:16:59.320 --> 00:17:04.559 identify that can be like uh, you know, securely matched 335 00:17:04.920 --> 00:17:09.000 when the handshake is made using their service from whatever 336 00:17:09.039 --> 00:17:13.759 server that you're end up using. And it's in my 337 00:17:13.839 --> 00:17:17.680 experience like that it's very honestly very rare, yes, that 338 00:17:17.880 --> 00:17:21.680 that actually happens. And so I under that makes a 339 00:17:21.720 --> 00:17:23.640 lot of sense to you saying that your customer is 340 00:17:23.720 --> 00:17:27.799 like mostly store like access tokens, because most vendors don't 341 00:17:28.039 --> 00:17:31.720 give you that like white listability and like handshake process, 342 00:17:31.799 --> 00:17:35.799 which is like very important, right, I think causes a 343 00:17:35.799 --> 00:17:37.279 lot of the breaches when it's not there. 344 00:17:38.759 --> 00:17:41.079 Agreed. I do think that the world is changing, it's 345 00:17:41.079 --> 00:17:43.160 just gonna be very very slow. So like you can 346 00:17:43.200 --> 00:17:46.279 see this in passwords today, where we're going from passwords 347 00:17:46.279 --> 00:17:49.759 to pass keys, so anyone familiar past caise. It's basically 348 00:17:49.759 --> 00:17:51.599 like you can sign into a website with like your 349 00:17:51.599 --> 00:17:54.960 face or touch id and you never had to put 350 00:17:54.960 --> 00:17:57.200 in a password. It's a password passwordless world. And the 351 00:17:57.240 --> 00:17:59.799 way that's working is for cryptography, you have like a 352 00:17:59.799 --> 00:18:02.799 fing a print that leads to a cryptographic signature that 353 00:18:02.839 --> 00:18:06.799 can be used authenticate yourself. And that thing that's happening 354 00:18:06.839 --> 00:18:08.920 in passwords is now starting to happen in secrets with 355 00:18:09.000 --> 00:18:11.799 identity based authentication. And so like the kind of picture 356 00:18:11.839 --> 00:18:14.880 that we can start to see happening very very slowly 357 00:18:14.960 --> 00:18:17.440 in like Doppler's job is to help move this along, 358 00:18:18.200 --> 00:18:21.200 help move the industry along, is to have like this 359 00:18:21.319 --> 00:18:23.359 bridge of connection. So like on one side, you have 360 00:18:23.519 --> 00:18:28.559 like your AWS GCP execution environment and that has an 361 00:18:28.599 --> 00:18:31.799 identity already today, and then you compare that with Doppler, 362 00:18:32.240 --> 00:18:34.359 and now you're authentic by the fact that you're in 363 00:18:34.400 --> 00:18:37.400 that easy two instance or you are now automatically authenticated 364 00:18:37.440 --> 00:18:40.000 to Doppler, and then eventually Doppler will have the connection 365 00:18:40.079 --> 00:18:43.039 of now that you're authenticated with Doppler, you're automatically authenticated 366 00:18:43.079 --> 00:18:45.799 to Stripe. There's no more apike needed. We are all 367 00:18:45.799 --> 00:18:49.839 cryptographically authorizing each other process chain or this high way 368 00:18:49.880 --> 00:18:52.839 of authentication. And that's kind of like the dream state 369 00:18:52.839 --> 00:18:54.400 that we're going to be getting to over the next 370 00:18:54.480 --> 00:18:56.160 couple of years. It's going to take a lot of 371 00:18:56.200 --> 00:18:57.559 work of working with partners because now they have to 372 00:18:57.599 --> 00:19:00.880 commit strike Twilio and so many other providers to enable this, 373 00:19:01.000 --> 00:19:03.000 and we're gonna try to make diseases possible, but it's 374 00:19:03.000 --> 00:19:05.400 gonna be it's gonna be an alcohol battle. But if 375 00:19:05.440 --> 00:19:07.319 we can do that, we're a secretless work. 376 00:19:07.759 --> 00:19:10.960 Is there an open standard that is following this process 377 00:19:11.039 --> 00:19:11.279 or no? 378 00:19:12.160 --> 00:19:15.480 There is a little bit of an open standards mostly 379 00:19:15.519 --> 00:19:18.200 between like a WUS and X like Doppler or whatever 380 00:19:18.279 --> 00:19:21.279 may be, but there's no open standard on or even 381 00:19:21.319 --> 00:19:26.720 a standard altogether on the like secrets Manager to third 382 00:19:26.720 --> 00:19:30.279 party service, x Stripe, Petulio. So I think our goal 383 00:19:30.440 --> 00:19:32.200 is we're going to probably try to create an open 384 00:19:32.200 --> 00:19:35.480 standard that both sides adhere to so that if you're 385 00:19:35.480 --> 00:19:38.440 anywhere in this chain you can directly you can just 386 00:19:38.680 --> 00:19:40.680 plug in very quickly. And I think we'll probably have 387 00:19:40.759 --> 00:19:44.200 to build SDKs for like every primary language and Kubernetes 388 00:19:44.200 --> 00:19:46.759 and a bunch of other infrastructure toolings who also just 389 00:19:46.759 --> 00:19:47.720 like work set up the box. 390 00:19:49.480 --> 00:19:53.480 So, I mean, I I find this all really fascinating, 391 00:19:54.599 --> 00:19:59.480 But I guess my question is what kinds of mistakes 392 00:19:59.519 --> 00:20:02.599 might I be now or you know, what kinds of 393 00:20:02.640 --> 00:20:05.240 things should I be considering doing now to protect these 394 00:20:05.240 --> 00:20:09.720 secrets because yeah, you know, what you're talking about sounds brilliant, 395 00:20:09.759 --> 00:20:12.880 but it doesn't exist yet. Yeah, I'm just I'm a 396 00:20:12.920 --> 00:20:15.240 little worried that. Okay, we're going to talk the rest 397 00:20:15.279 --> 00:20:17.559 of this time about futuristic stuff, and then I'm gonna 398 00:20:17.599 --> 00:20:19.519 be Yeah, I'm gonna miss something. 399 00:20:20.039 --> 00:20:22.759 All right. So I have four questions that I think 400 00:20:22.839 --> 00:20:26.079 every person listening should ask themselves. And it's like basically 401 00:20:26.160 --> 00:20:27.920