--- title: Configuration file reference slug: configuration-file-reference docTags: createdAt: 2025-07-09T18:58:55.417Z --- # Configuration Options This document describes the configuration options provided by the user in YAML format. ## trufflehogAddress **Type**: `string` **Description**: The scanner API address of the TruffleHog server to connect to. This is given to you in the configuration file that you downloaded from your dashboard. Do not change it. **YAML Example**: ```yaml trufflehogAddress: "your-namespace.api.c1.prod.trufflehog.org:8443" ``` ## trufflehogScannerToken **Type**: `string` **Description**: The authentication token to use when connecting to the TruffleHog scanner. This is given to you in the configuration file that you downloaded from your dashboard. Do not change it. **YAML Example**: ```yaml trufflehogScannerToken: "thog-agent-XXXXXXXXXXXXXXXX" ``` ## trufflehogScannerGroup **Type**: `string` **Description**: Specifies the scanner group to use within TruffleHog. This is given to you in the configuration file that you downloaded from your dashboard. Do not change it. The token and group go together and cannot be changed. **YAML Example**: ```yaml trufflehogScannerGroup: "your_scanner_group_name" ``` ## logLevel **Type**: `string` **Description**: Sets the logging level. Common values are `info`, `debug`, and`trace` which have increasing levels of verbosity. **YAML Example**: ```yaml logLevel: "info" ``` ## logJson **Type**: `bool` **Description**: If set to `true`, logs will be output in JSON format. **YAML Example**: ```yaml logJson: true ``` ## concurrency **Type**: `uint64` **Description**: The number of concurrent scans to perform. It also drives concurrency in the Source being scanned if the source supports it. If ommitted the value defaults to the number of CPUs detected on the machine TruffleHog is running on. **YAML Example**: ```yaml concurrency: 10 ``` ## runOnce **Type**: `bool` **Description**: If set to `true`, the TruffleHog will run once and exit after the scans are completed. If set to false, TruffleHog will run as a daemon. :::hint{type="warning" indent="1"} If a scanner is running with `runOnce`, it will not do any reverification tasks outside of normal scans. If you wish to have this functionality, each scanner group must have at least one scanner running in daemon mode. ::: **YAML Example**: ```yaml runOnce: false ``` ## sources **Type**: List of `Source` objects **Description**: A list of source configurations. See [Scan for secrets](docId:91JgobvG-nkxpHML0ko7k) to learn how to add Source integrations for your providers. **YAML Example**: ```yaml sources: - connection: '@type': type.googleapis.com/sources.GitHub endpoint: https://github.ourbusiness.com token: XXXXXXXXXXXXXXXXXXXXXXXXXX name: GitHub scanPeriod: 12h type: SOURCE_TYPE_GITHUB verify: true - connection: '@type': type.googleapis.com/sources.S3 cloudEnvironment: {} name: S3 scanPeriod: 12h type: SOURCE_TYPE_S3 verify: true ``` ## notifiers **Type**: List of `Notifier` objects **Description**: A list of notifier configurations to handle notifications. See [Notify results](docId:3x2GI1gjNcQbCagjfqsSW) to learn how to add Notifier integrations for your providers **YAML Example**: ```yaml notifiers: - connection: '@type': type.googleapis.com/notifiers.Slack url: https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX name: slack secrets notifications type: NOTIFIER_TYPE_SLACK - connection: '@type': type.googleapis.com/notifiers.Webhook token: secret_token url: https://example.trufflesec.com:8081/webhook name: slack secrets notifications # sourcesToNotify can also be set to ALL to receive # all notifications sourcesToNotify: SOURCES_IN_THIS_CONFIG type: NOTIFIER_TYPE_WEBHOOK ``` ## detectors **Type**: List of `CustomRegex` objects **Description**: Custom regex detectors to identify secrets. See [Customizing detection](docId\:ziyiMDRe3_BDtWe2tOBQS) for more infromation **YAML Example**: ```yaml detectors: - name: "Custom Detector 1" keywords: - "keyword1" - "keyword2" regex: pattern1: "regex_pattern_1" pattern2: "regex_pattern_2" verify: - endpoint: "https://verify.example.com/api" unsafe: false headers: - "Authorization: Bearer token" successRanges: - "200-299" description: "Description of the custom detector" - name: "Custom Detector 2" # Other configuration ``` ## customVerifiers **Type**: List of `CustomVerifier` objects **Description**: Custom verifiers for secret verification. See [On-premise verification](docId\:lsrmBeJL1m-_BXRCZTnpj) for more infromation. **YAML Example**: ```yaml customVerifiers: - name: "Verifier1" endpoints: - "https://verifier1.example.com/verify" include_default_endpoints: true - name: "Verifier2" endpoints: - "https://verifier2.example.com/verify" include_default_endpoints: false ```