Docker Secrets VS Doppler

Docker has revolutionized the way we build, ship, and run applications. However, when it comes to handling sensitive information like passwords, API keys, and certificates, proper security measures are crucial. Docker secrets provide a secure and convenient way to manage sensitive data within containers. - Source: dev.to / 11 months ago

Are you using swarm mode? If so, you might want to consider using secrets. Source: over 1 year ago

Have a look here https://docs.docker.com/engine/swarm/secrets/. Source: over 1 year ago

To use a secret you have to map it during the creation of a service (in this case redis like in the documentation:. - Source: dev.to / over 1 year ago

Using docker secrets: This seems a no brainer, however, I haven't yet fully understood the documentation entry. For example, after reading this entry I still don't know if I can use docker secrets along with my strategy of having a separate .env file containing the environment variables (and the sensitive ones being handled by docker secrets). I have to enable swarm mode and I don't fully understand the... Source: over 1 year ago

If you’re asking yourself where you should be keeping secrets, you should be using a secrets manager. Two examples include Doppler (https://doppler.com). - Source: Hacker News / 2 months ago

I'm a developer advocate at Doppler (https://doppler.com), and we are a secrets (API keys, certs, etc.) management platform. I create content that's aimed at informing readers about our product. One of the biggest challenges I've encountered is convincing developers to trust our platform in a world of zero trust. Since we store important and sensitive data, we are often asked about how we encrypt data and what we... - Source: Hacker News / 2 months ago

Doppler (https://doppler.com) is my preferred tool for storing API keys. It centralizes where you manage all of your environmental variables and makes it so you never risk exposing your API keys in a code repo. There's a CLI tool that makes it easy to use all of your environment variables while you're developing and a ton of integrations for wherever you prefer to deploy your... - Source: Hacker News / 3 months ago

It seems like they made a lot of assumptions that something like this wouldn't happen. They assumed employees would never leak secret information, and that their GitHub repos would never be exposed. They could've used https://doppler.com) and never had this problem. It's a little too easy to get comfortable thinking things work well the way they are. This should be a warning to other companies to seriously... - Source: Hacker News / 3 months ago

It's absolutely nuts that a company like Mercedes-Benz isn't using some type of secrets manager (like https://doppler.com or AWS Secrets Manager) to restrict access to this type of data. It also seems like they have extremely bad practices if they're pushing passwords and keys to code repos. - Source: Hacker News / 3 months ago