Industry: Computer software
Location: Aarhus, Denmark
AccuRanker is a software service company that develops search engine optimization (SEO) tools used by SEO and marketing professionals within enterprises. The company’s flagship tool, also called AccuRanker, is a large-scale rank tracking platform that delivers profound data insights for industry leaders. More than 32,000 customers use AccuRanker to seamlessly monitor their SEO performance across countless keywords and markets. Headquartered in Denmark and with offices in the US and UK, AccuRanker is a rapidly growing startup building a foundation of security for future growth.
Similar to other software companies, AccuRanker manages developer secrets to facilitate the development of its products. ‘Secrets’ refer to digital authentication credentials for sensitive parts of the IT and developer ecosystem; examples of secrets include database passwords, SSL/TLS certificates, API keys, and private encryption keys.
A fast-paced start-up, AccuRanker found it was increasingly defaulting to suboptimal security practices, such as storing secrets across multiple cloud environments. The company’s other strategy for managing secrets was to store them in .env files. While a common tactic among developers, .env files are an insecure method for secrets management. This approach also makes it more challenging for development teams to manage secrets and keep them up-to-date across the organization.
Said Chief Technical Officer Henrik Refslund, “Early on, we didn’t have a strategy for how we would like to handle secrets management. When you have a new secret, what do you do with that? We found we were just doing what was most convenient, not the most secure. We found ourselves in a position of hoping there was no leak.”
At one point, AccuRanker considered onboarding secrets management solution HashiCorp to help strengthen its security. While the team was impressed with the product’s capabilities, they realized some of the features were superfluous for their needs and that the overall price point was too costly.
“We’ve been using the Bitwarden Password Manager for a long time and really like the product,” said Refslund. “As we grew more familiar with Bitwarden, we discovered the company also offered a secrets management solution.”
After considering alternatives, AccuRanker opted to go with the Bitwarden Secrets Manager. The team was drawn to the product’s lightweight implementation, ease-of-use, and the fact that it was already familiar and pleased with the Bitwarden Password Manager. Said Refslund, “Bitwarden was our best choice.”
“We’re at the stage where we have a proper secrets management strategy that we’re implementing across the organization,” added Refslund. “We’re moving in the direction of making all our systems secure and no longer making mistakes such as accidentally committing our secrets to code. Essentially, we’re securing our future as we continue to grow as a startup.”
Bitwarden Secrets Manager customers have the option of utilizing the product’s command-line interface (CLI), a powerful tool for retrieving and injecting secrets. The Secrets Manager CLI can be used to organize customer vaults with create, delete, edit, and list commands for customer secrets and projects. The AccuRanker team capitalized on this functionality, creating a custom-built CLI wrapper to integrate with its backend system. According to backend engineer Phillip Kampmann, “We’re now able to access secrets such as encryption keys through our own internal API. In the future, the CLI wrapper will also allow for the automatic rotation of keys.”
Now that AccuRanker has, in the words of Refslund, a “super, super simple [secrets management] blueprint that every single developer can follow,” the team is looking to the future. AccuRanker plans to implement more advanced functions like secret rotation via the customer build CLI wrapper. It’s also set to onboard more users and of course, secure more secrets.
Learn more about what Bitwarden can do for your business and sign up for a free 7-day trial!