Case Study

Strengthening Security and Unlocking Efficiency: How Doppler Transformed BODi's Configuration and Secrets Management

Founded By: Carl Daikeler, Jonathan Congdon
Industry: Health
Founded: 1998
Location: Santa Monica, CA

Customer Background

The Beachbody Company, now rebranded as BODi, is a pioneer in digital fitness and wellness with over two decades of crafting innovative in-home fitness programs and nutritional supplements. In response to growing post-pandemic mental health and weight loss challenges, BODi has embarked on a mission to create the Health Esteem category, moving away from the traditional fitness and diet industry's emphasis on themes of self-criticism and perfection. BODi's platform advocates a positive approach to health and well-being and provides personalized fitness and nutrition programs, carefully developed nutritional supplements, and a focus on mindset development.

The Challenge

BODi's Digital Engineering team plays a crucial role in delivering and maintaining fitness programs through their streaming applications. To maintain its market leadership and provide an exceptional experience for its customers, the team needs to continuously develop new software in addition to managing an ever-expanding digital infrastructure. This infrastructure encompasses databases, APIs, and various microservices.

As BODi's content library grew, the team faced a complex challenge: managing configuration values and secrets effectively. Initially, they relied on a tool that they’d developed in-house. As BODi scaled, this tool accrued technical debt and became inadequate to support their evolving needs. It required extensive engineering time and effort to maintain, debug, and develop new features. Moreover, keeping up with current security standards became a significant burden for the team. Manual management of configuration changes was time-consuming, diverting resources from strategic projects and impacting the team's focus on building customer-facing applications. “We were very unhappy with our solution, and the maintenance required on it,” says Blake, a Senior Engineering Director at BODi. “We build software for our customers. We don't want to be in the world of building software that already exists.”

Additionally, using AWS Parameter Store for configuration management had its limitations. It lacked user-friendly workflows for updating values, managing permissions, and auditability. The team needed a solution that could handle complex requirements, such as inheriting secrets between environments, sharing common secrets across projects, and efficiently diffing and identifying missing configurations to prevent application failures.

Locally, .env files were used in development and sometimes in production deployments. However, these files introduced security risks due to inadequate access control and versioning. As Blake points out, “...secrets weren’t actually that secret.” Any misconfigurations or downtime of the homegrown tool during deployment could disrupt their entire deployment process.

The Solution

Blake and his team discovered Doppler on the Vercel marketplace when they were planning to build a Next.js application. Doppler stood out as a secure and innovative solution for managing Vercel configuration variables and secrets.

As the BODi team tested Doppler, they realized it addressed all of their pain points. Doppler quickly demonstrated its value by transforming their secrets and configuration management practices, delivering numerous benefits:

Secrets Orchestration at Scale with Strengthened Resiliency

A key factor in choosing Doppler was its integration with AWS Parameter Store and Secrets Manager. This integration not only improved configuration workflows and deployment processes but also strengthened the resilience of their software stack. The secrets remained in AWS, and Doppler served as a control plane, eliminating the risk of failure if essential parameters needed for daily operations were unavailable. Real-time syncing enabled the team to dynamically load values into memory, reducing reliance on .env files and enhancing service reliability.

“With Doppler’s syncs, we are in control and own our secrets for our services. Our services are not relying on a third party or Doppler to operate and run.”
Blake Visin, Senior Director of Digital Engineering at BODi

Streamlined Configuration Management with Observability

Doppler's inheritance model, featuring branching, revolutionized the management of multiple environments with distinct configurations. The ability to inherit, modify, and promote specific values without recreating entire configurations simplified the management of ephemeral environments. Using Doppler’s observability features such as log forwarding to Datadog and version control, coupled with robust role-based access controls, empowered BODi’s QA team to self-serve without engaging Engineering. Simply using the dashboard, they could easily troubleshoot misconfigurations and identify issues before they propagated upstream. “The ability to perform diffs, access logs, and view audit trails, all with version history, is very important because we want to know who changed what and when and roll back changes if necessary,” noted Blake.

The team integrated Doppler into their configuration processes swiftly, aligning it seamlessly with their existing workflows. They deployed an automated script that combined the Doppler CLI and AWS CLI to export Parameter Store configurations into Doppler projects or environments.

“We're able to integrate Doppler very quickly without changing much of the applications deployment process and our existing workflows. We can just change some configurations on the deployment and we're able to start using Doppler almost right away. The biggest benefit we see of Doppler is using it as our configuration front end.”
Blake Visin, Senior Director of Digital Engineering

Improved Local Development Experience

Additionally, local development became much more efficient and secure as developers no longer needed to grapple with .env files. “With Doppler, engineers don't have to create .env files,” says Blake. “Projects no longer require sample .env files for developers to fetch keys from. They can use the Doppler CLI and run the application. Not having to search for keys from SSM, or request them from DevOps makes the developer setup time much quicker.”

Intuitive User Experience

The user-friendliness and versatility of interacting with secrets within Doppler, from its UI to API support, were particularly beneficial for the QA team. They found Doppler's intuitive design invaluable for testing and editing configurations across environments. Its clean interface made navigating through version histories, rolling back configurations, and managing user permissions straightforward and efficient.

“The ease of use and intuitive nature of Doppler’s UI were major factors in our decision to adopt it. Doppler’s UI is worlds better than other providers. It's much more intuitive, making Doppler an absolute pleasure to use.”
Blake Visin, Senior Director of Digital Engineering

Doppler’s excellent and comprehensive documentation stood out for its clarity and consistency. It expedited evaluation and streamlined Blake’s team's onboarding process. Blake points out, “Doppler’s documentation is next level. We rarely have a question that isn't covered in it. Maintaining clear, consistent, and up-to-date documentation is always a challenge in engineering. Doppler’s docs are easy to navigate and always up to date.”

The Impact

Enhanced Engineering Productivity

Through the implementation of Doppler, the BODi team achieved a significant boost in engineering productivity. The automation of secrets and configuration operations translated into valuable time savings, allowing developers to refocus their efforts on building and managing applications, rather than tending to internal systems.

"From a cost savings perspective, most of the savings are from time saved on supporting our self-built hosted application and secrets management platform. But from a development life cycle, the biggest efficiencies are from developers not having to manage their own .env files locally."
Blake Visin, Senior Director of Digital Engineering

Lower Total Cost of Ownership (TCO) and Substantial ROI

By retiring their custom-built tool, BODi’s team eliminated a significant drain on their engineering resources. It allowed them to focus on what they do best: supporting the infrastructure for their applications.

“The engineering and DevOps efforts spent supporting our own custom installation compared to what we're paying to Doppler unlocked substantial cost savings for BODi. Doppler is software that fits the bill and fills all of our requirements without the cost of building, maintaining, and hosting it ourselves. It is solving the problem that we tried to solve and are doing it 10 times better and they're making money doing it.”
Blake Visin, Senior Director of Digital Engineering

Improved Security Posture with Granular Permissioning

Doppler empowered Blake’s team to implement fine-grained access controls and restrict access to highly critical production environments. Previously, Parameter Store lacked the granular access permissions necessary for team members to oversee configurations in lower-level environments. This required them to involve DevOps teams for any changes. The process, managed through tickets, proved inefficient and time-consuming. Doppler streamlined the entire workflow. It facilitated the creation and modification of configurations in development and other lower-level environments without the need for a formal release management process involving DevOps. This transformation not only enhanced security but also led to a significant reduction in turnaround times and substantial cost savings.

“Doppler changed the security landscape of our configuration management. It just made it so much easier. We’re now able to lock down access and only allow the right individuals to have production-level access. The process changed from submitting and coordinating tickets and waiting for another team to pick up the request to making changes seamlessly within the UI. From hours or even days to minutes and seconds. It is a significant cost and time savings for our QA team.”
Blake Visin, Senior Director of Digital Engineering

The Partnership Ahead

Implementing Doppler Org-Wide

In the next phase of the Doppler and BODi partnership, Blake plans to implement Doppler across the entire Digital Engineering infrastructure, completely retiring their homegrown configuration management tool. This strategic initiative reflects BODi's commitment to leveraging Doppler's capabilities to their fullest extent. As Blake explains, “We do have an initiative for 2024 of rolling out Doppler to over fifty systems across five of our teams. Then, even further, in 2025, we will extend the implementation to the entire consumer-facing engineering organization of Beachbody. The end goal is to have the entire consumer-facing engineering division of Beachbody normalized on Doppler.”

Removing Long-Lived Credentials

Blake is eager to implement best practices for reducing long-lived credentials and automating secret rotation for highly sensitive systems such as databases and production environments. While rotation at BODi was previously a manual process, the team now recognizes the need to automate it and plans to operationalize it. “We have considered using AWS, but I think that when we start to implement those capabilities, we absolutely will be using only Doppler,” notes Blake.

“Doppler has a really good integration and a good API that provides a clear framework for building an automated key rotation system.”
Blake Visin, Sr Director of Digital Engineering

Continuous Partnership and Customer Success

Ultimately, the partnership between Doppler and BODi is defined by the central focus on delivering value. In Blake's words, “The Doppler team has been outstanding. From our legal team working with their legal team for the contract, to their engineering support and account management, there has been nothing but a positive experience. It's clear that they know what they're doing and care about our problems, process, addressing implementation challenges, and enhancing their product to deliver more features.”

Reflecting on the possibility of exploring alternative solutions, Blake concludes: “You have other competitors but we haven't found any that would check all the boxes that Doppler has.”