Whatnot, a dynamic live shopping platform, is transforming the e-commerce experience.
With daily live stream auctions, it provides a unique space for a growing community to buy, sell and connect around the unique items they love. Powered by advanced technology and a zest for connecting enthusiasts, Whatnot's prominence in the new wave of e-commerce has surged, becoming the fastest-growing online marketplace in the United States.
However, with the expansion of its user base and services, the infrastructure also ballooned. This led to an escalating number of secrets and configurations essential for interconnecting various components. As Whatnot’s infrastructure continued to grow, managing these credentials became a complex endeavor. This not only decelerated development but also posed potential security threats, especially for local development and CI/CD processes. And so they began their quest for a superior solution.
With the surge in Whatnot’s services and environments, managing an increasing volume of secrets and configurations became paramount.
The team was in search of management and orchestration capabilities as they grappled with:
Enter Doppler. Adopted by the Whatnot engineering team, Doppler emerged as the panacea, serving as a centralized hub for secrets and configuration values.
Features like GitOps for secrets management, Role-Based Access Controls (RBAC), and versioning fortified control over the entire process. Local development saw a major boost with Doppler's CLI, sparing engineers from the intricacies of managing and syncing environment variables. From a security standpoint, the self-serve functionality, log forwarding, and audit features provided enhanced visibility and control.
Key solutions incorporated included:
Doppler’s SecretOps platform delivered transformative benefits for Whatnot, both from a security standpoint and developer productivity:
1. Enhanced Security Posture:
"Doppler has now become our single source of truth for secrets, spanning across 14 systems, enhancing our visibility, versioning, and access controls."
2. Remarkable Productivity and Efficiency Gains:
"Before Doppler, our engineers were spending roughly 5 hours every week managing secrets. Now, it's down to 5 hours or less per month”
3. Robust Automation:
"Doppler's third-party integrations have revolutionized our approach. Now, we can orchestrate secret updates across different secrets managers effortlessly, ensuring redundancy and high availability."
These integrations ensure that updates to Whatnot's secrets are instantly pushed to every secret manager in all environments. "Instead of an engineer manually copying a change, which used to take 10-15 minutes per secret, it's now real-time."
With Doppler, Whatnot realized substantial improvements in security, productivity, and automation. The robust features provided by Doppler streamlined processes, reduced vulnerabilities, and allowed developers to focus on more strategic tasks. As Whatnot looks to further refine its infrastructure and security, Doppler stands firm as an invaluable asset in their arsenal. Looking forward, Whatnot's vision aligns with leveraging Doppler for even tighter access control, further amplifying security and compliance standards.