Retraced's Secrets Management Transformation: 200% ROI and 80% Onboarding Time Cut with Doppler

Customer Background

Retraced, an innovative European startup, stands at the forefront of revolutionizing the fashion and textile industry.

Their award-winning sustainability platform empowers fashion and textile companies, regardless of their size, to digitize supply chains, efficiently manage compliance data, and achieve full transparency down to the raw materials. As a pioneer in scalable traceability and sustainability compliance management, Retraced is on a mission to expedite and humanize the global fashion industry's commitment to responsible practices for the planet.

The Challenge

Over the past four years, Retraced has experienced rapid growth, leading to a complex challenge in effectively managing environment variables and secrets across its expanding infrastructure.

With a diverse team of developers collaborating across multiple environments, ensuring consistency in configurations and machine credentials while maintaining data security became a crucial concern. Prior to adopting Doppler, Retraced engineers relied on .env files to store secrets and configuration values for their applications. These files lacked version control, often resulting in difficulties with change management when updates were made or when new engineers were brought on board. Secrets were stored in various systems like CircleCI, GitHub Actions, and Oracle Cloud Vault, causing complexity and a lack of visibility regarding their usage, users, and storage locations. This sprawl of secrets posed an increasing security risk due to potential exposure or hardcoding of sensitive credentials.

"Copying .env files is getting old pretty quickly. As we put more and more environment variables, it’s more and more micro-services, it's more and more in .env files, it's more and more headache. So we had to look at Doppler to see how we can automate this and make it secure."

Furthermore, the possibility of disruptions or downtime due to mishandled environment variables heightened the need for a resilient solution. Their enterprise customers worldwide required a partner with robust security controls to meet their stringent compliance demands.

The Solution

Retraced recognized the growing necessity to harden their security posture and automate their secrets management workflows.

Doppler not only fulfilled their requirements but also enabled them to extend its capabilities through its user-friendly API support, developer-oriented CLI workflows, and extensive integrations, especially with Terraform. They experienced the following advantages:

Centralized secrets and configuration management:

With Doppler Retraced centralized every secret and environment variable used in the software development lifecycle. The seamless integrations facilitated the deployment of standardized configurations across microservices and reduced the risk of configuration-related errors.

In local development, the Doppler CLI provided Retraced developers with a first-class experience. The ability to inject environment variables directly into their processes was transformative, eliminating the reliance on insecure .env files and cumbersome manual configuration updates.

"The Doppler run command is a huge time saver, and we’re using it every day to load environment variables. We didn't have any more .env files. So we are always using Doppler, and we are forcing everyone to use it." says Edoardo Davini, an Engineering manager who leads the Infrastructure team. "This also shortened onboarding to get code up and running by more than 80% and completely eradicated errors due to mismatched .env files across developers."

Enhanced security, auditability, and reliability:

By centralizing all secrets from various microservices in a single location, Doppler significantly strengthened Retraced's security posture and provided improved visibility into secrets. The ability to maintain a library of secrets allowed Edoardo and his team to easily revoke, rotate, and manage access to these secrets—a crucial advantage that was previously unavailable. Doppler's ease of use outperformed competing solutions on the market that were either too complex or cost-prohibitive. Unauthorized access and data breaches resulting from mismanaged environment variables were effectively mitigated, leading to greater system reliability.

"We are doing really amazing things. Right now, there’s no human interaction during the creation of a secret. We can rotate them thousands of times without even seeing them. We have reduced the leakage post possibility of that secret to pretty much zero. And this is exactly what I want to achieve everywhere. Your Terraform integration is pretty good."

Secure and flexible deployment process:

The integration with Kubernetes empowered teams to dynamically manage databases, core components of any software solution, in different CI/CD environments at scale. This integration enhanced redundancy and high availability, critical prerequisites for compliance and security. In addition, the required rotation for common compliance standards and on-demand rotations for employees with previous elevated access leaving the company is down from weeks to hours.

The Results

By deploying Doppler and leveraging its out-of-the-box SecretOps workflows, Retraced empowered its engineering team to work on strategic, value-additive work, as opposed to tedious and time-consuming manual tasks.

Operational efficiency and improved engineering productivity:

Automated deployment with Kubernetes led to significant time savings of engineering time and faster deployment processes.

"The game changer for us is the Kubernetes integration. We implemented the operator in one afternoon. It was working literally out of the box. Rotations of secrets do not require any manual intervention, but literally, a button click and 15 seconds to rotate all affected pods – as opposed to error-prone manual pod restart or deployment through CI/CD which can easily cost 30 minutes from development to production. It saved us ages, eons of time."

Enhanced developer experience:

.env files would not be missed at Retraced. Doppler not only replaced them entirely, but also provided the team with the flexibility to build their own SecretOps workflows for rotation and automation with Terraform.

“Doppler has been extremely useful because we no longer have to rely on local .env files, the distribution of which becomes exponentially more difficult as the number of developers increases. With 20 developers, implementing a change in a .env file used to require 8 hours of work for all parties involved and occurred approximately twice a month. Now, this process is instant and failsafe and avoids the cost of wasted work resulting from people working with outdated .env files."

Reduced risk and improved reliability:

Centralized secrets management instilled confidence in the team by reducing the risk of unauthorized access and data breaches.

"As a platform that manages customer compliance, our internal compliance requirements are of utmost importance. Doppler's regular and on-demand secret rotation, along with proper group and user provisioning featuring concrete scope and role-based access controls, elevated our secret management to a new level. Adding Doppler to our infrastructure not only provided a payback period of 3 months but also delivered an impressive ROI of 200%, all while offering priceless peace of mind from the outset."

Conclusion

The Retraced and Doppler partnership is just beginning. In the next phase, the teams will be further enhancing disaster recovery and automating governance for the distributed and growing Retraced team. This transformative journey is driven by a commitment to partnership, and we look forward to achieving new milestones together.