EnvKey wants to create a smarter place to store a company’s API keys and credentials
If an engineer ends up leaving a company, on their own or for some other reason, the company is going to have to work quickly to change all of the keys and credentials for its application components.
That’s a huge challenge, because oftentimes it’s hard to know where they’re stored, who can access what, and how to change everything at a large scale, especially if the company is a big one. Dane Schneider hopes to change that with a new service called EnvKey, a way to create a kind of encrypted repository internally where a company can store all its API credentials in order to make them easy to update, as well as manage who has access to what. Think of it as a sort of LastPass or 1Password, but for important credentials within a company. EnvKey is launching out of Y Combinator’s Winter 2018 class.
“At the last place I worked, a coworker got fired and my manager said he said, okay, we need to change all the API keys across the infrastructure — and it was Friday at 4 p.m.,” Schneider said. “I had to tell him that’s not something we can just do right now. That’s a bit of an undertaking. I had been thinking along those lines, I had the idea in my mind, then I thought man if we had something that we could just update this in one place it’d be really simpler. We’d be able to deal with the security issue going on right now. We would share [our keys] over email or Slack, but it always felt like the wrong thing to do security-wise.”
Schneider is a solo founder in Y Combinator, which is a bit of an anomaly, but the idea sounded sensible enough given that it’s a pretty big issue among companies, especially as they scale. Engineers might run into the problem where they accidentally publish their credentials on GitHub while updating a code repository, which could lead to potential security issues for that application. The hope is that this offers startups and companies an opportunity to not only make these keys easy to manage and update, but also keep them locked up tight to make sure something like that doesn’t happen in the first place.
Each company has its own account, with a user interface where a company can start entering configuration information for its applications. They can also import from another system, and then invite the rest of a team by email and generate keys that Schneider calls EnvKeys. Users can create a developer-level access key, for example, and then set it in an env file like one in a Python project, which will always have access to the latest credentials every time someone runs that project. When an app runs, it’ll grab the latest configuration, decrypt it, and synchronize it. There are simple access levels, where someone can access it for development and staging, or servers, or administrators who can invite more people.
EnvKey stores the API keys, which are end-to-end encrypted, and Schneider says the company doesn’t have access to the information. The hope is that companies will add that information and feel good about it being stored securely, and that they can quickly update and shift around credential information as necessary. Schneider also wants to build EnvKey to work on any platform, rather than having it pinned down to a single one, such as one Amazon might do for its web services, for example.
There’s going to be plenty of competition for this kind of low-hanging fruit for managing this information, given that it can lead to huge headaches for companies. Already there are startups like HashiCorp, which raised $40 million in October last year, and of course the major infrastructure providers may look to build something similar in their own ecosystems. But Schneider’s hope is that EnvKey will have a simpler approach and work in most environments, which can help convince engineers, especially as the companies grow up, to start using it.
“[Products like HashiCorp’s Vault] take a pretty high level of developer operations expertise to set up and run it,” Schneider said. “Unless you’re prepared to do a pretty substantial project, it’s pretty tough to work with. Another is AWS has a service called Parameter Store, which can work pretty well if you’re again, pretty savvy, with AWS and you’re using AWS services for everything else. That makes sense, but it also comes along with the complexity and baggage AWS has in general. There’s a lot of things to configure. There’s a pretty high learning curve with that.”