Analyze secrets
Self-discovery analyzers
3 min
before trufflehog analyze, identifying a key's access often meant manually digging through a saas provider's settings page with trufflehog analyze, we use the api to automatically discover a key's metadata, resources, and permissions we use techniques so that the discovery portion is stateless and minimizes potential impacts these include the following inferring scope from headers and api endpoints testing permissions via stateless api calls sending malformed requests to stateful endpoints to observe permission errors analyze in enterprise analyze results for an openai secret if you have trufflehog analyze enabled, your scans (both cloud and on premises) will automatically analyze live secrets on first discovery there is no additional setup to get started, contact your account executive for more information analyze in open source we've open sourced some of our most popular secret types! the analyzers can be found in our open source project in open source, if you run trufflehog analyze a terminal user interface (tui) appears paste in your live secret and trufflehog will begin analyzing the secret scope there is an optional log file parameter where you can specify a file that then enumerates all the api calls the analyzer runs