For people with serverless experience, how much of an issue is secrets management for you? I'm the founder of EnvKey[1], which is a SaaS/'serverless' secrets and config management solution that aims to be extremely simple to integrate and work with.

I have the idea that it could be particularly helpful in a serverless context, since I would imagine that configuration sprawl becomes an issue pretty quickly. That said, it's not an approach I have a lot of personal experience with, so I would love to hear thoughts on whether it's really a good fit!

1 - https://www.envkey.com

Small company owner here (5 devs, no dedicated devops or ops people). It is a pain. We manage secrets with Ansible and Ansible Vault. When a key needs changing the process is very annoying. But at this point I never thought of it as a problem I would pay money for because it is still not painful enough.

Things would likely change if my company gets bigger, let’s say > 15 devs. Everybody can deploy the Ansible playbooks right now, but if the company gets bigger then I will have to worry about access control for different people. I may also have dedicated devops/ops people, in which case I will want to limit normal developers’ access. I will worry about whether there is a process in place to ensure that keys always stay safe and are rotated whenever an employee leaves, etcetera.

Your product reminds me a lot of LaunchDarkly, in that it solves a seemingly trivial problem (they help you manage feature flags), yet when you think of it in the context of a larger organization where people have to work together then there are suddenly lots of related problems that aren’t so trivially solved. LaunchDarkly apparently managed to convince VCs to invest in them. You may want to look at them for inspiration. They have material posted on Heavybit.

Have you considered using HashiCorp Vault [1] or sops [2]?

[1] https://www.vaultproject.io/

[2] https://github.com/mozilla/sops/