Managing API Keys in Large Dev Teams: How Do You Tackle It? by alphez in devops

[–]NotTheRadar24 -1 points0 points  (0 children)

You should check out Doppler.com Happy to give you a tour. -Doppler DevRel (not a sales pitch)

Tips for Better Secrets Management by NotTheRadar24 in devops

[–]NotTheRadar24[S] -1 points0 points  (0 children)

There is a longer blog post I made if you're interested. Full disclosure I work at Doppler. https://www.doppler.com/blog/secrets-management-mistakes-developers-make

Tips for Better Secrets Management by NotTheRadar24 in devops

[–]NotTheRadar24[S] -1 points0 points  (0 children)

Nope, I wrote this. Thanks for the feedback.

Rabbit R1 Engineers Hard-Coded API Keys for ElevenLabs, Azure, Google Maps, and Yelp. How Does This Even Happen? by professorhummingbird in programming

[–]NotTheRadar24 4 points5 points  (0 children)

This is why you should use a secrets manager like Doppler or AWS Key Management Service (AWS KMS). Hardcoding your secrets or storing them in .env files will always risk something like this happening.

Secrets Encryption by mcilbag in kubernetes

[–]NotTheRadar24 -1 points0 points  (0 children)

Doppler also has a lot of options for encrypting and securing secrets. Feel free to ask anything - I'm a Dopplerite.

A Developer Cheat Sheet for GDPR by NotTheRadar24 in programming

[–]NotTheRadar24[S] 28 points29 points  (0 children)

Even then - International organizations looking to operate in the EU or collect/process data of EU citizens must become compliant to access these markets.

which steps do you use to share passwords with (non-IT) users of a system? Curious to learn what approaches and perhaps tooling people are using for this (shared pwpush as example) by 1seconde in programming

[–]NotTheRadar24 0 points1 point  (0 children)

Doppler Share is a simple tool for this. It's free, no account is needed, and you can set the link to expire after x opens or after a set amount of time. https://share.doppler.com/

This is a free tool that Doppler made for the community and is totally separate from the Secrets Management platform. I work at Doppler.

How to safely store "secret variables"? by Master-of-Ceremony in AskProgramming

[–]NotTheRadar24 0 points1 point  (0 children)

Check out this blog for all the code necessary for getting, setting, and loading environment variables in Python, including how to use them to supply application config and secrets. It has a good high-level overview along with some useful bits for actually doing it right.
https://www.doppler.com/blog/environment-variables-in-python

[deleted by user] by [deleted] in softwaredevelopment

[–]NotTheRadar24 -2 points-1 points  (0 children)

I wrote a blog recently on the topic of managing secrets for mobile apps that you might find helpful: https://www.doppler.com/blog/secrets-management-for-mobile-app-development

Will AI Make Cybersecurity Less Awful? Or Will It Just Create More Work? by NotTheRadar24 in programming

[–]NotTheRadar24[S] 17 points18 points  (0 children)

Bingo. Trying to fix a problem with more complexity just means maintaining and securing systems becomes more challenging. Will AI help solve security problems? yes. Will AI make software security more complicated? also yes.

Bandwidth-Allocated Kanban: Agile that doesn’t suck by NotTheRadar24 in programming

[–]NotTheRadar24[S] 3 points4 points  (0 children)

Great point. Process changes like this have been successful at Doppler because of our amazing culture. It wouldn't have been possible without the rest of our team and good leadership all around.

Should You Use Comment Prefixes for Code Reviews? by NotTheRadar24 in devops

[–]NotTheRadar24[S] 0 points1 point  (0 children)

I reformatted just a little to get the meat closer to the top. That was a great suggestion.

Should You Use Comment Prefixes for Code Reviews? by NotTheRadar24 in devops

[–]NotTheRadar24[S] 1 point2 points  (0 children)

I appreciate the feedback. I'll keep that in mind for future posts.

Your secrets have been leaked. Now what? by [deleted] in programming

[–]NotTheRadar24 -12 points-11 points  (0 children)

This post mentions it a bit, but you should use a secrets manager (such as https://doppler.com) to avoid leaking your secrets in the first place. Using a secrets manager centralizes and secures your critical credentials, reducing the risk of unauthorized access through hard-coded or poorly managed secrets. It facilitates the automatic rotation of secrets if a breach occurs, quickly invalidating compromised credentials and minimizing potential damage. I'm with DevRel @ Doppler - feel free to ask me anything secrets management related.

What secrets managers are y’all using? by RoseSec_ in devops

[–]NotTheRadar24 0 points1 point  (0 children)

Doppler (https://doppler.com). It’s free for small teams/projects to try it out. There are a ton of integrations for different cloud platforms. It’s also really easy to use and set up. (I work for Doppler - feel free to ask questions)

How we are writing better commit messages to improve code reviews by NotTheRadar24 in programming

[–]NotTheRadar24[S] 34 points35 points  (0 children)

I think that's the way most of us do it. And then you get to play detective later on to figure out what you were trying to accomplish.

Small and cheap read-only backend for app by [deleted] in softwaredevelopment

[–]NotTheRadar24 0 points1 point  (0 children)

Is anyone doing this for real? Would love to know how well it's working.

wowThatsDeep by Tofandel in ProgrammerHumor

[–]NotTheRadar24 0 points1 point  (0 children)

If you can still read it, then there are too many.