Customizing TruffleHog
Configuration file reference

13min
Configuration Options
This document describes the configuration options provided by the user in YAML format.
trufflehogAddress
Type: string
Description: The scanner API address of the TruffleHog server to connect to. This is given to you in the configuration file that you downloaded from your dashboard. Do not change it.
YAML Example:
YAML
trufflehogAddress: "your-namespace.api.c1.prod.trufflehog.org:8443"
trufflehogAddress: "your-namespace.api.c1.prod.trufflehog.org:8443"
﻿
trufflehogScannerToken
Type: string
Description: The authentication token to use when connecting to the TruffleHog scanner. This is given to you in the configuration file that you downloaded from your dashboard. Do not change it.
YAML Example:
YAML
trufflehogScannerToken: "thog-agent-XXXXXXXXXXXXXXXX"
trufflehogScannerToken: "thog-agent-XXXXXXXXXXXXXXXX"
﻿
trufflehogScannerGroup
Type: string
Description: Specifies the scanner group to use within TruffleHog. This is given to you in the configuration file that you downloaded from your dashboard. Do not change it. The token and group go together and cannot be changed.
YAML Example:
YAML
trufflehogScannerGroup: "your_scanner_group_name"
trufflehogScannerGroup: "your_scanner_group_name"
﻿
logLevel
Type: string
Description: Sets the logging level. Common values are info, debug,  andtrace which have increasing levels of verbosity.
YAML Example:
YAML
logLevel: "info"
logLevel: "info"
﻿
logJson
Type: bool
Description: If set to true, logs will be output in JSON format.
YAML Example:
YAML
logJson: true
logJson: true
﻿
concurrency
Type: uint64
Description: The number of concurrent scans to perform. It also drives concurrency in the Source being scanned if the source supports it. If ommitted the value defaults to the number of CPUs detected on the machine TruffleHog is running on.
YAML Example:
YAML
concurrency: 10
concurrency: 10
﻿
runOnce
Type: bool
Description: If set to true, the TruffleHog will run once and exit after the scans are completed. If set to false, TruffleHog will run as a daemon.
YAML Example:
YAML
runOnce: false
runOnce: false
﻿
sources
Type: List of Source objects
Description: A list of source configurations. See Scan data for secrets﻿ to learn how to add Source integrations for your providers.
YAML Example:
YAML
sources:
- connection:
    '@type': type.googleapis.com/sources.GitHub
    endpoint: https://github.ourbusiness.com
    token: XXXXXXXXXXXXXXXXXXXXXXXXXX
  name: GitHub
  scanPeriod: 12h
  type: SOURCE_TYPE_GITHUB
  verify: true
- connection:
    '@type': type.googleapis.com/sources.S3
    cloudEnvironment: {}
  name: S3
  scanPeriod: 12h
  type: SOURCE_TYPE_S3
  verify: true
sources:
- connection:
    '@type': type.googleapis.com/sources.GitHub
    endpoint: https://github.ourbusiness.com
    token: XXXXXXXXXXXXXXXXXXXXXXXXXX
  name: GitHub
  scanPeriod: 12h
  type: SOURCE_TYPE_GITHUB
  verify: true
- connection:
    '@type': type.googleapis.com/sources.S3
    cloudEnvironment: {}
  name: S3
  scanPeriod: 12h
  type: SOURCE_TYPE_S3
  verify: true
﻿
notifiers
Type: List of Notifier objects
Description: A list of notifier configurations to handle notifications. See Notify results﻿ to learn how to add Notifier integrations for your providers
YAML Example:
YAML
notifiers:
- connection:
    '@type': type.googleapis.com/notifiers.Slack
    url: https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX
  name: slack secrets notifications
  type: NOTIFIER_TYPE_SLACK
- connection:
    '@type': type.googleapis.com/notifiers.Webhook
    token: secret_token
    url: https://example.trufflesec.com:8081/webhook
  name: slack secrets notifications
  # sourcesToNotify can also be set to ALL to receive
  # all notifications
  sourcesToNotify: SOURCES_IN_THIS_CONFIG
  type: NOTIFIER_TYPE_WEBHOOK
notifiers:
- connection:
    '@type': type.googleapis.com/notifiers.Slack
    url: https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX
  name: slack secrets notifications
  type: NOTIFIER_TYPE_SLACK
- connection:
    '@type': type.googleapis.com/notifiers.Webhook
    token: secret_token
    url: https://example.trufflesec.com:8081/webhook
  name: slack secrets notifications
  # sourcesToNotify can also be set to ALL to receive
  # all notifications
  sourcesToNotify: SOURCES_IN_THIS_CONFIG
  type: NOTIFIER_TYPE_WEBHOOK
﻿
detectors
Type: List of CustomRegex objects
Description: Custom regex detectors to identify secrets. See Customizing detection﻿ for more infromation
YAML Example:
YAML
detectors:
  - name: "Custom Detector 1"
    keywords:
      - "keyword1"
      - "keyword2"
    regex:
      pattern1: "regex_pattern_1"
      pattern2: "regex_pattern_2"
    verify:
      - endpoint: "https://verify.example.com/api"
        unsafe: false
        headers:
          - "Authorization: Bearer token"
        successRanges:
          - "200-299"
    description: "Description of the custom detector"
  - name: "Custom Detector 2"
    # Other configuration
detectors:
  - name: "Custom Detector 1"
    keywords:
      - "keyword1"
      - "keyword2"
    regex:
      pattern1: "regex_pattern_1"
      pattern2: "regex_pattern_2"
    verify:
      - endpoint: "https://verify.example.com/api"
        unsafe: false
        headers:
          - "Authorization: Bearer token"
        successRanges:
          - "200-299"
    description: "Description of the custom detector"
  - name: "Custom Detector 2"
    # Other configuration
﻿
customVerifiers
Type: List of CustomVerifier objects
Description: Custom verifiers for secret verification. See On-premise verification﻿ for more infromation.
YAML Example:
YAML
customVerifiers:
  - name: "Verifier1"
    endpoints:
      - "https://verifier1.example.com/verify"
    include_default_endpoints: true
  - name: "Verifier2"
    endpoints:
      - "https://verifier2.example.com/verify"
    include_default_endpoints: false
customVerifiers:
  - name: "Verifier1"
    endpoints:
      - "https://verifier1.example.com/verify"
    include_default_endpoints: true
  - name: "Verifier2"
    endpoints:
      - "https://verifier2.example.com/verify"
    include_default_endpoints: false
﻿
secretReverificationInterval
Type: string
Description: The interval at which secrets are re-verified, specified as a duration (e.g., "24h" for 24 hours).
YAML Example:
YAML
secretReverificationInterval: "24h"
secretReverificationInterval: "24h"
﻿
﻿
Updated 15 Jan 2025
Did this page help you?
Customizing TruffleHog
Custom detectors