Scattered Secrets VS Doppler

I’m in the same boat — not a company, just an individual doing the separate-email-per-site thing. I contacted Scattered Secrets ( https://scatteredsecrets.com ) about a year ago with a similar question, being too big for an individual use case but too small for an organizational one. They didn’t have a perfect solution but were willing to work with me to figure something out. I’m sure Troy gets a lot of email, but... - Source: Hacker News / 5 months ago

Https://scatteredsecrets.com/ - allows you to search data breaches to see if your password has been compromised. Source: almost 2 years ago

If you use the same email address across many websites, I can't recommend Scattered Secrets enough. You have to make an account for each email address you want to check, but it will spit back at you every leaked password you've used with that email in cleartext. Source: about 3 years ago

If you’re asking yourself where you should be keeping secrets, you should be using a secrets manager. Two examples include Doppler (https://doppler.com). - Source: Hacker News / 2 months ago

I'm a developer advocate at Doppler (https://doppler.com), and we are a secrets (API keys, certs, etc.) management platform. I create content that's aimed at informing readers about our product. One of the biggest challenges I've encountered is convincing developers to trust our platform in a world of zero trust. Since we store important and sensitive data, we are often asked about how we encrypt data and what we... - Source: Hacker News / 2 months ago

Doppler (https://doppler.com) is my preferred tool for storing API keys. It centralizes where you manage all of your environmental variables and makes it so you never risk exposing your API keys in a code repo. There's a CLI tool that makes it easy to use all of your environment variables while you're developing and a ton of integrations for wherever you prefer to deploy your... - Source: Hacker News / 3 months ago

It seems like they made a lot of assumptions that something like this wouldn't happen. They assumed employees would never leak secret information, and that their GitHub repos would never be exposed. They could've used https://doppler.com) and never had this problem. It's a little too easy to get comfortable thinking things work well the way they are. This should be a warning to other companies to seriously... - Source: Hacker News / 3 months ago

It's absolutely nuts that a company like Mercedes-Benz isn't using some type of secrets manager (like https://doppler.com or AWS Secrets Manager) to restrict access to this type of data. It also seems like they have extremely bad practices if they're pushing passwords and keys to code repos. - Source: Hacker News / 3 months ago