HashiCorp Products Used
Customer Story
Cracking the code to global success
The world’s largest developer collaboration platform uses HashiCorp solutions to shore up internal processes and deliver mission-critical functionality faster and at lower cost.
- 28M+ global customers
- 80M+ monthly transactions
- 50-75% faster ticket resolution with self-service IaC
- Accelerated pull request approvals from days to hours, reducing approval time by 80%
- 10x faster infrastructure deployment: days → hours
- Real-time security management: Zero expiration incidents
GitHub is the developer company. As the home to more than 65 million developers from across the globe, GitHub is where developers can create, share, and ship the best code possible. GitHub makes it easier to work together, solve challenging problems, and create the world’s most important technologies.
We felt that HashiCorp had a solid finger on the pulse of what our engineers need and like to work with. Our engineers simply like interacting with their platforms.
Stephan Kürpick, Technical Unit Lead, Pay and Credit, Riverty
Modernizing legacy fintech infrastructure
Powering over 80 million transactions each month, Riverty delivers flexible payments, debt collection, and smart accounting solutions while constantly pushing to innovate. But sustaining that scale demands sharp operational efficiency, especially within IT. To meet rising demands, the company had to modernize its legacy IT infrastructure and reengineer development practices within a hybrid cloud environment to boost agility, security, and compliance.
Operational overhead causes development delays and risk
With millions of users relying on Riverty’s digital payment solutions across 5,000 online shops, availability and speed are non-negotiable. To meet those expectations, Riverty’s 250 Pay and Credit engineers are responsible for building and maintaining high-availability APIs that ensure seamless, always-on access regardless of when or where users engage.
But for years, the team operated within the limits of an on-premises IT strategy, where infrastructure was managed by a central technology team that served as the full-service provider for development teams across the organization. With dozens of teams working on multiple products, infrastructure requests — from provisioning environments to updating secrets and certificates — piled up fast, slowing time to market. Engineers often waited days for support tickets to be resolved, delaying delivery and creating unnecessary friction in the build process.
“Our small team can’t be the bottleneck for our large, growing organization where demands on us are increasing,” says Stephan Kürpick, Technical Unit Lead, Pay and Credit at Riverty.
Secrets management was another growing pain. The central infrastructure team handled secrets manually in Azure Key Vault, often leading to a backlog. Combined with Riverty’s decentralized structure, this manual approach increased the risk of secret sprawl, expired credentials, and overlooked updates, posing serious compliance and auditing risks.
To move faster without compromising on security, Riverty needed to rethink its development workflow. “We needed a solid, reliable, self-service infrastructure and unified workflow for all of our development teams,” says Pavel Ozerov, Technical Program Manager at Riverty.
Challenges
Development bottlenecks caused by a ticket-based infrastructure provisioning model
Operational inefficiencies from inconsistent, manually managed environments
Slow time to market due to long provisioning cycles and limited developer autonomy
Increased risk of downtime and non-compliance from static, inconsistent infrastructure configurations
Security exposure from manually managed secrets and expired credentials
Limited agility and high cost from vendor lock-in and lack of provisioning portability
Compliance risks from poor visibility and fragmented management of secrets and certificates
Why HashiCorp
With Vault, we’ve addressed our big risk of secrets expiring head-on,” says Ozerov. “The more we can automate, the more secure and compliant we become, plus it makes our lives easier as engineers. In fact, since implementing Vault, I haven’t received a single notification that a secret has expired.
Pavel Ozerov, Technical Program Manager, Riverty
Investing in speed and scalability
Riverty needed a platform that could streamline infrastructure and security management while meeting developer expectations — all without the overhead of building everything from scratch. They found that in HashiCorp. “We felt that HashiCorp had a solid finger on the pulse of what our engineers need and like to work with,” says Kürpick. “Our engineers simply like interacting with their platforms.”
Implementation speed was also a key factor in Riverty’s decision. “We wanted to quickly implement this infrastructure platform for our engineers rather than taking significant time building and customizing it ourselves,” says Ozerov. “HashiCorp provided us much of what we needed right out of the box, allowing us to optimize our engineering time during implementation.”
With HashiCorp as its foundation, Riverty fast-tracked both its cloud migration and transition to a DevOps operating model, enabling engineers to work more independently while reducing operational risk and inefficiency. Since the company relied on a global, multi-cloud environment spanning Microsoft Azure and Kubernetes, maintaining infrastructure consistency was critical.
To address this, Riverty adopted HCP Terraform to standardize infrastructure as code and automate provisioning workflows. Instead of relying on manual processes, development teams now use reusable, self-service templates that allow them to spin up infrastructure on demand, accelerating delivery without sacrificing control.
“Developers don’t have to wait for a central team to provision the infrastructure for them, which previously took hours or sometimes days,” says Ozerov. “Now, teams use pre-configured modules and the magic happens. This greatly simplifies life from an infrastructure standpoint, and it’s made a huge difference.”
HCP Terraform also bridges provisioning skills gaps for Riverty. With reusable HCP Terraform modules, engineers can quickly deploy pre-approved standard infrastructure components or build custom templates aligned with internal policies, all reviewed through a streamlined pull request (PR) process to ensure consistency and control. This standardization supports Riverty’s business operations by reducing risk and potential downtime that can result from configuration errors, while also meeting compliance demands such as backup and recovery requirements.
“When we develop a module for an infrastructure component such as an SQL Server and database, we define the default policy for the backup,” says Ozerov. “Then, when various parameters and values are applied to that module by engineers, the backup policy isn’t forgotten. It’s inherent, which is extremely important for compliance.”
Hedging against credential risk
Expanding on its efforts to remain compliant, Riverty also adopted HashiCorp Vault to protect sensitive data and manage secrets at scale. Vault now serves as the system of record for the full lifecycle of secrets, certificates, passwords, and encryption keys. The team redesigned its security management approach to align with strict auditing and regulatory requirements such as PCI DSS, implementing role-based access controls to isolate infrastructure components and enforce least-privilege access.
Today, Riverty centrally manages over 430 secrets through Vault, including 150 dynamic secrets (primarily database and RabbitMQ credentials) and 285 static secrets. Dynamic secrets are generated on demand and expire automatically, while static secrets are stored and rotated through Vault’s secrets operator using a trigger. All of this has contributed to a significantly faster and more secure credential management process. Vault also handles certificate generation and revocation on demand, further reducing manual overhead and improving security posture.
“With Vault, we’ve addressed our big risk of secrets expiring head-on,” says Ozerov. “The more we can automate, the more secure and compliant we become, plus it makes our lives easier as engineers. In fact, since implementing Vault, I haven’t received a single notification that a secret has expired.”
Keeping the modernization momentum going
To stay ahead, Riverty also plans to implement HashiCorp Consul to standardize service networking and automate connectivity across dynamic, multi-cloud environments. With services increasingly distributed across Kubernetes clusters and cloud providers, the business needs a more flexible way to map service relationships and define clear, enforceable communication policies between internal and external systems. Consul service discovery and service mesh capabilities will play a key role in supporting that evolution.
Another big initiative underway for the team, besides modernizing the infrastructure, is infrastructure harmonization. “We’re currently working on the future setup of our infrastructure by migrating all components still located in on-premises datacenters to the cloud. We will then optimize the whole environment, not only from a technical but also from a business point of view, to deliver wider benefits to the organization, like reducing costs.”
Financial technology for a new era
With a continually improving infrastructure at its core, Riverty is now better equipped to not just deliver flexible financial solutions to customers but to drive innovation for a new era of financial technology. The HashiCorp Cloud Platform supports Riverty’s most critical applications while enabling engineers to go to market faster and more securely.
“The infrastructure as code offered by HCP Terraform is key to keeping everything secure, compliant, and structured,” says Ozerov. “Everyone knows the boundaries of responsibility; they know how things are configured, how to make a change, and how fast that change will be delivered. That’s a game changer.”
Outcomes
Cut support ticket resolution time from one day to a few hours with self-service IaC
Reduced infrastructure change rollout from a few days to same-day via pull-request-based workflows — a 90% reduction in deployment time
Accelerated pull request approvals from days to hours, reducing approval time by 80%
Enabled multiple infrastructure updates per day, saving hundreds of engineering hours quarterly
Eliminated service redeploys for secret rotation across 150+ credentials
Automated secrets management, removing the risk of expired credentials
Freed up the development team to focus on strategic projects by automating infrastructure provisioning and security management
Standardized deployments across Azure, AWS, and Kubernetes, avoiding vendor lock-in
Solution
Riverty turned to HashiCorp to modernize its IT infrastructure, provide greater efficiency through automation, elevate its security and compliance, and go to market faster.
GitHub Partners
Pavel Ozerov Technical Program Manager Riverty
Pavel Ozerov is Technical Program Manager at Riverty, leading cloud infrastructure harmonization and PKI initiatives to strengthen scalability, governance, and operational excellence across the organization.
Stephan Kürpick Technical Unit Lead, Pay and Credit Riverty
Stephan Kürpick is Tech Unit Lead at Riverty Pay & Credit, leading IT strategy and digital transformation to optimize Riverty's financial services across different markets.
Technology Stack
- Infrastructure :
- Bare-metal & VMs in data centers, AWS, Azure
- Container Runtime:
- Docker
- Orchestrator:
- Kubernetes
- CI/CD:
- GitHub Actions
- Data Service :
- MySQL, ElasticSearch, Kafka, Git
- Version Control:
- GitHub
- Provisioning :
- HashiCorp Terraform
- Security Management:
- HashiCorp Vault
Take the next step
Learn how we can help you scale cloud success across your enterprise.