Startup founders often over-glorify scrappiness and doing things that aren't scalable for the initial part of their company's lifecycle.

In the beginning, this works well in areas like:

  • Fostering strong 1:1 customer relationships
  • Interviewing every single candidate before they're hired to evaluate culture fit
  • Launching products early to get customer feedback and tackle bugs

However, this idea of scrappiness breaks down in areas like the handling and sharing of your company's sensitive data, such as API keys.

Here's why:

  • Good security isn't a patch. It's baked into the core of your products and codebases. Whether you're an independent developer or part of a company with teams of engineers, the risk of a breach/leak is always present and only increases with the number of engineers involved.
  • Experimenting with an unscalable manual approach is time-consuming and risky for the company, and it leads to shortcuts and error-prone habits.
  • Automating this workflow only has positives for the lifespan of the company. (In comparison, automating sales and product feedback pipelines super early on doesn't have the same positive outcome.)

Let's look at 5 ways you can recapture some of your engineering time:

  1. Don't try to build your own robust environment management service unless no other 3rd party service is able/willing to fulfill your urgent needs. Building in-house almost always takes longer than expected and is expensive to maintain.
  2. Don't try to write a bash script as a quick-fix solution, which will constantly break under unknown edge cases and as your company scales. Homebrewed solutions are built for the now, making them brittle for future needs.
  3. Don't host on-premise security solutions, which will leave you taking on unnecessary liability. On-premise pricing also tends to be very steep.
  4. Don't share your keys manually over email, Slack, Google Docs, WhatsApp, etc. Engineers evidently make mistakes such as incorrectly sharing keys or unknowingly committing keys to GitHub, where they will forever be in the commit history.
  5. Don't use .env files, as they make it painful to onboard new engineers and synchronize key changes. .env files are always in plain text and are usually transferred over insecure mediums. Oftentimes, engineers will spend a couple of days figuring out what environment keys they need (database URLs, API keys, flags, etc.).

If you're ready to put a stop to the hours wasted performing manual tasks that also lack practical security standards, try Doppler out and get your first 14 days free.
