What's better than cleaning up leaked secrets? Blocking them from leaking in the first place, of course!

TruffleHog offers two ways of preventing secrets from leaking in Git:


Verification caching

Block secrets from leaking

source

Scanning in CI

TruffleHog Docs

Choose your adventure

Creating a scanner

Configuring a scanner

Resource Requirements

Secrets management

Running the scanner

Terminology

Getting started

Artifactory

AWS S3

Azure Repos (cloud)

Bitbucket

Buildkite

CircleCI

Confluence

Docker

Filesystem

Gerrit

GitLab

GitHub

Google Cloud Storage (GCS)

Google Drive

Jenkins

Jira

Microsoft Sharepoint

Microsoft Teams

Postman

Slack

Vector

Scan data for secrets

Email

Splunk

Stdout

Webhook

Notify results

Reverify secrets

Pre-commit hooks

Pre-receive hooks

Systemd

Helm Chart

Kubernetes manifest

Deployment

Configuration file reference

Custom detectors

Customizing detection

On-premise verification

Customizing TruffleHog

Coming Soon: Dynamic Role-Based Access Control (RBAC)

Authentication

Architecture

Compliance

Security and Compliance

2025 May

TruffleHog Release Notes