What’s the best way to keep backups in Doppler’s secrets? It seems too easy to simply delete and lose everything right now (permissions are not granular enough - but even so it’s a bit risky). Would syncing to AWS keystore help give us a secure backup “just in case” something goes wrong?
Hi @avaitla16,
Syncing secrets to AWS Param Store or Secrets Manager would be a great backup solution as although you can revert secret changes in the activity log, there is no way to restore a deleted project.
If possible, I recommend limiting admin and owner access to as few developers as possible as they’re the only ones capable of deleting a project.
Given the importance of the keys (some things are unrecoverable when deleted), I suggest Doppler take a more conservative approach to deletion, similar to AWS here: Deleting a secret - AWS Secrets Manager
They discuss why it’s important to be really cautious around deletions and put things in an archive stage before true deletion. Would be good to enforce this at an organization level in Doppler.
Also does deleting a project in Doppler trigger a delete in AWS secret store of the entire store?
Hi @avaitla16,
Thanks for the feedback and I’ll pass this onto our engineers to consider.
Also does deleting a project in Doppler trigger a delete in AWS secret store of the entire store?
Deleting a project, while deleting any integration connections, does not automatically trigger deletion of secrets created from an integration, e.g. AWS Secrets Manager secrets.
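An added example, not part of the thread and not Doppler's own sync integration: a shell function that copies one Doppler config into a single AWS Secrets Manager secret, as an independent backup of the kind discussed above. It assumes the `doppler` and `aws` CLIs are installed and authenticated; the `doppler-backup/<project>/<config>` naming and the function names are assumptions made for this example.

```shell
# Added example. Assumes the doppler and aws CLIs are installed and authenticated.
# The "doppler-backup/<project>/<config>" naming scheme is an assumption of this example.

backup_name() { printf 'doppler-backup/%s/%s' "$1" "$2"; }

backup_config() {
  project=$1 config=$2
  name=$(backup_name "$project" "$config")
  tmp=$(mktemp) || return 1              # mktemp creates the file with mode 0600

  # Export the whole config as one JSON object.
  if ! doppler secrets download --project "$project" --config "$config" \
        --no-file --format json >"$tmp"; then
    rm -f "$tmp"
    echo "export failed; existing backup left untouched" >&2
    return 1
  fi

  # An empty export (for example after a deletion) must never replace a good backup.
  if [ ! -s "$tmp" ] || [ "$(tr -d ' \n\t' <"$tmp")" = '{}' ]; then
    rm -f "$tmp"
    echo "export is empty; existing backup left untouched" >&2
    return 2
  fi

  # file:// keeps the secret values out of the process list and shell history.
  if aws secretsmanager describe-secret --secret-id "$name" >/dev/null 2>&1; then
    aws secretsmanager put-secret-value --secret-id "$name" \
      --secret-string "file://$tmp" >/dev/null
  else
    aws secretsmanager create-secret --name "$name" \
      --secret-string "file://$tmp" >/dev/null
  fi
  rc=$?
  rm -f "$tmp"
  return "$rc"
}
```

Run it on a schedule with a Doppler token that can only read and AWS credentials that can create and update these secrets but not delete them, so the identity that writes the backup cannot also destroy it.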