Zero Secret Problem

Hi all!

I have a question. I read the docs and I was not able to find any info on how Doppler solves the secret zero problem. Probably someone can help me to find more info.

Thank you in advance!

Hi @Justell and welcome to the Doppler community!

This is a great question and we’ve begun working on a write-up for you.

Hey @Justell_Vonk, great question!

For anyone reading this later, the term “Secret Zero” describes the scenario where access to your secrets is protected by a single (or zeroth) secret — for example, a master key or API token used to access the data in your secrets manager. Suppose a developer wants to access the secrets they have stored in Doppler from a CI/CD pipeline. They can use the Doppler CLI from inside their CI script to fetch their secrets, but how will the CLI authenticate with Doppler? The CI system will need to provide the script with a Doppler Service Token which the Doppler CLI will consume. In this case, the Doppler token is “Secret Zero”.

In short, we don’t currently have a solution for eliminating secret zero in external environments. Today, Doppler is primarily focused on providing a centralized secrets manager, a single source of truth for secrets. This centralized access provides several productivity and security benefits including access to different environments, a mitigation for secrets sprawl, and the ability to revoke access to individual users or service tokens.

Currently, we focus on secure storage of the zeroth secret. When using the CLI locally, we store the CLI token in your OS’s keychain, to avoid writing a raw secret to your filesystem. When using an external CI service, like GitHub Actions or CircleCI, we recommend storing your Doppler Service Token in your provider’s secure variable storage (GitHub Actions’ Encrypted Secrets or CircleCI’s Environment Variables, respectively). And when using an infrastructure tool like Kubernetes, we recommend storing your Doppler Service Token as a Kubernetes Secret. These services’ native secret storage provides a safe mechanism for storing your Doppler token and providing it to the Doppler CLI. This approach allows for secrets to be added, updated, and audited in Doppler without needing to make modifications to your code/scripts. It also provides a mechanism for admins to revoke access to service tokens in the event of a breach.

Looking forward, we will be looking at solutions to tackle the Secret Zero problem. Authentication schemes like identity-based auth could provide ways for users to establish trust between Doppler and authorized external environments without the need for any long-held credentials. We’ll be sure to provide more info as we make progress towards this goal.
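One way to apply the Kubernetes recommendation in the reply above, as an added example that is not from the original post or from Doppler's own documentation. It assumes a Deployment named `api`, a container image that bundles the Doppler CLI (which reads the `DOPPLER_TOKEN` environment variable), and a constructed placeholder in place of a real Service Token:

```yaml
# Zeroth secret: the Doppler Service Token, kept only in a Kubernetes Secret.
# The placeholder below is constructed for illustration; in practice create the
# Secret out of band (kubectl create secret generic ... --from-literal=...)
# instead of committing the token to the repository with this manifest.
apiVersion: v1
kind: Secret
metadata:
  name: doppler-token-api
type: Opaque
stringData:
  DOPPLER_TOKEN: "dp.st.PLACEHOLDER_SERVICE_TOKEN"   # constructed placeholder, not a real token
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: api
spec:
  replicas: 1
  selector:
    matchLabels:
      app: api
  template:
    metadata:
      labels:
        app: api
    spec:
      containers:
        - name: api
          image: example.com/api:1.0   # assumed image that includes the Doppler CLI
          # Only the zeroth secret lives in the cluster; every other secret is
          # fetched from Doppler at startup and injected into the process
          # environment by `doppler run`, so no other secret is stored here.
          command: ["doppler", "run", "--", "./server"]
          env:
            - name: DOPPLER_TOKEN
              valueFrom:
                secretKeyRef:
                  name: doppler-token-api
                  key: DOPPLER_TOKEN
```

Because the token is referenced rather than embedded, revoking the Service Token in Doppler cuts off this Deployment's access without editing the manifest, which is the revocation path the reply describes.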
