Truffle Security Recommends Doppler For Remediating Leaked Secrets
Keeping your secrets secure is not just about secrets management, but detecting accidental leaks when they occur and fixing them fast.
If an engineering leader asked you "How we are protecting ourselves against the accidental leakage of secrets?", what would you say?
It's not an easy question to answer, especially for those more on the Developer side of DevOps who often don't have a background or focus on security.
The answer we see emerging is a two-pronged offensive strategy:
- Secure Secrets Management
Sensitive data such as API keys and database credentials must be stored in an encrypted, audited, and accessed controlled secrets manager.
- Secrets Leakage Detection Continuous scanning of environments for leakage of credentials in places such as Slack channels, Git repositories, and other internal systems (e.g. task trackers and Wiki's)
While Doppler addresses secrets management, Truffle Security, the company behind the popular free and open source secrets scanner TruffleHog, is on a mission to detect and prevent the accidental leakage of secrets and credentials.
Dylan Ayrey, Co-Founder of Truffle Security recently published a blog post explaining why Doppler is their recommended for solution for enterprise companies looking for an instant remediation strategy once secret leaks are detected and no secrets manager is present:
There’s a lot of different secrets management solutions out there, but many of them aren’t very user friendly, and can be difficult to set up. One we’ve had our eye on recently is Doppler.
It's not just about mitigating the risks of secrets being leaked, as that will inadvertently happen, but what is critical, is how fast you can respond, revoke, and roll any leaked credentials. Again, from Dylan:
The more approachable and usable your secrets management solution is, the quicker leaked keys can be rotated out, and the less exposure time they have to bad actors.
Truffle Security and Doppler are a formidable team in keeping your secrets secure, giving attackers the least possible chance of getting their hands on valid credentials before their leakage has been detected and credentials revoked.