DevOps Articles

Secrets Management: Doppler or HashiCorp Vault?

Security-minded developers realize that scattered and ad hoc credential storage methods such as.env files pose significant security risks and are difficult to manage across applications in different environments. If the term “secrets manager” is new to you, it’s a centralized system for storing sensitive information, such as API keys, database credentials, or even files (e.g. certificates and private keys).

Doppler and Vault offer tight integrations with cloud providers and the flexibility to choose the underlying secrets storage backend, with Vault offering additional options compared with Doppler, such as database engines and Consul.

Getting started with Doppler is straightforward: The benefit of Doppler being designed as a managed service means the only thing developers need to do is add secrets to a project, then use the CLI to fetch those secrets.

Using sample code from Vault’s static secrets tutorial, let’s create an API key as a single secret: # 2 Create the secret: # 3 Delete the secret file: # 4 Fetch the secret: # 5 List all secrets for my-app in development: #6 Delete the secret: Creating, fetching, and listing secrets with the Vault CLI is straightforward, with namespaces providing the best option of segmenting secrets by environment for Vault Enterprise customers.