DopplerHQ / cli

The official CLI for interacting with your Doppler secrets and configuration.
https://docs.doppler.com
Apache License 2.0

Lacks end-to-end encryption #470

Open gedw99 opened 1 week ago

gedw99 commented 1 week ago

This is Doppler's most significant drawback, and it's a big one.

If Doppler is compromised, whether by an outside attacker, a rogue insider, or one of the third-party sub-processors that Doppler trusts with access to its front-end dashboard or back-end systems, then all of your secrets are likely to be compromised.

watsonian commented 1 day ago

@gedw99 Thanks for writing in about this! Security is something that we take very seriously at Doppler and we want to be clear about both the benefits and risks that our users take on when using our tools. Our security team is working on a response that we’ll post here and add to our Security Fact Sheet.