Locally-configured notifiers

Adding a Notifier configuration

Locally-configured notifiers are configured in your config.yaml file under the notifiers field.

Available sourcesToNotify are ALL and SOURCES_IN_THIS_CONFIG, with the default being SOURCES_IN_THIS_CONFIG.

Example config

concurrency: "8"
logLevel: info
notifiers:
- name: stdout secrets notifications
  sendUnverified: true
  sourcesToNotify: SOURCES_IN_THIS_CONFIG
  type: NOTIFIER_TYPE_STDOUT
numWorkers: 16
trufflehogAddress: https://gnarly-flying-pancake.c1.prod.trufflehog.org
trufflehogScannerGroup: account 1 - us-west-2
trufflehogScannerToken: thog-agent-XXXXXXXXXXXXXXXXXXXXXXXXXX

Stdout

notifiers:
- connection:
    '@type': type.googleapis.com/notifiers.Stdout
    format: JSON
  name: stdout secrets notifications
  sendUnverified: true
  type: NOTIFIER_TYPE_STDOUT

Available formats are PLAIN and JSON, with the default being PLAIN.

Slack

notifiers:
- connection:
    '@type': type.googleapis.com/notifiers.Slack
    url: https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX
  name: slack secrets notifications
  type: NOTIFIER_TYPE_SLACK

Webhook

Webhook notifiers allow for integrations which subscribe to found secret notifications. When a new secret is found, an HTTP POST payload will be sent to the webhook’s configured URL. Webhooks can be secured by using a token to generate and verify a signature of the payload.

Tokens

The signature is sent in the X-Hub-Signature header. To verify that the signature matches the payload, generate a SHA256 hash of the payload body prefixed with the token string and compare it with the header value.


X-HUB-SIGNATURE:5f246d1f78c832eee4d9b453742476a743a1c7fe73454b6b432b26868525423f
> BODY='{"source_type":"SourceType_SOURCE_TYPE_GIT",...}' 
> TOKEN="mySecretToken"
> echo -n "${TOKEN}${BODY}" | sha256sum
5f246d1f78c832eee4d9b453742476a743a1c7fe73454b6b432b26868525423f

Payload Body

Filesystem

{
	"SourceType": "SOURCE_TYPE_FILESYSTEM",
	"Metadata": {
		"Data": {
			"Filesystem": {
				"file": "/Users/hrich/go/src/github.com/org/repo/file"
			}
		}
	},
	"SecretType": "Github",
	"Secret": "SOMESECRET",
	"Verified": false
}

Microsoft Teams

{
	"SourceType": "SOURCE_TYPE_TEAMS",
	"Metadata": {
		"Data": {
			"Teams": {
				"channelID": "channel-1",
				"channelName": "some channel",
				"timestamp": "2020-05-01T00:00:00Z",
				"userId": "user-1",
				"link": "https://teams.microsoft.com/l/message/19:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
				"file": "file-1",
				"email": "[email protected]"
			}
		}
	},
	"SecretType": "Github",
	"Secret": "SOMESECRET",
	"Verified": false
}

Github

{
	"SourceType": "SOURCE_TYPE_GITHUB",
	"Metadata": {
		"Data": {
			"Github": {
				"link": "https://github.com/org/repo/blob/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX/file",
				"username": "user-1",
				"repository": "repo-1",
				"commit": "ae3e9d0f0516d52113386c1e75032536143a241c",
				"email": "[email protected]",
				"file": "file.txt",
				"timestamp": "2020-05-01T00:00:00Z",
				"line": 42
			}
		}
	},
	"SecretType": "Github",
	"Secret": "OTHERSECRET",
	"Verified": true
}

Jira

{
	"SourceType": "SOURCE_TYPE_JIRA",
	"Metadata": {
		"Data": {
			"Jira": {
				"issue": "issue-1",
				"author": "user-1",
				"location": "https://ourbusiness.atlassian.net/browse/issue-1",
				"email": "[email protected]",
				"timestamp": "2020-05-01T00:00:00Z"
			}
		}
	},
	"SecretType": "Github",
	"Secret": "SOMESECRET",
	"Verified": false
}

Bitbucket

{
	"SourceType": "SOURCE_TYPE_BITBUCKET",
	"Metadata": {
		"Data": {
			"Bitbucket": {
				"file": "file-1",
				"repository": "repo-1",
				"workspace": "workspace-1",
				"snippetId": "snippet-1",
				"title": "title-1",
				"commit": "ae3e9d0f0516d52113386c1e75032536143a241c",
				"email": "[email protected]",
				"link": "https://bitbucket.org/workspace-1/repo-1/src/ae3e9d0f0516d52113386c1e75032536143a241c/file-1",
				"timestamp": "2020-05-01T00:00:00Z",
				"line": 42
			}
		}
	},
	"SecretType": "Github",
	"Secret": "SOMESECRET",
	"Verified": false
}

Confluence

{
	"SourceType": "SOURCE_TYPE_CONFLUENCE",
	"Metadata": {
		"Data": {
			"Confluence": {
				"page": "page-1",
				"space": "space-1",
				"version": "version-1",
				"link": "http://confluence.example.com/pages/viewpage.action?pageId=page-1",
				"email": "[email protected]",
				"timestamp": "2020-05-01T00:00:00Z"
			}
		}
	},
	"SecretType": "Github",
	"Secret": "OTherSecret",
	"Verified": true
}

Gitlab

{
	"SourceType": "SOURCE_TYPE_GITLAB",
	"Metadata": {
		"Data": {
			"Gitlab": {
				"file": "file-1",
				"link": "https://gitlab.com/org/repo/blob/ae3e9d0f0516d52113386c1e75032536143a241c/file-1",
				"repository": "repo-1",
				"line": 42,
				"timestamp": "2020-05-01T00:00:00Z",
				"commit": "ae3e9d0f0516d52113386c1e75032536143a241c",
				"email": "[email protected]"
			}
		}
	},
	"SecretType": "Github",
	"Secret": "SOMESECRET",
	"Verified": false
}

Slack

{
	"SourceType": "SOURCE_TYPE_SLACK",
	"Metadata": {
		"Data": {
			"Slack": {
				"channelID": "channel-1",
				"channelName": "some channel",
				"timestamp": "2020-05-01T00:00:00Z",
				"userId": "user-1",
				"link": "https://slack.com/app_redirect?channel=channel-1",
				"file": "file-1",
				"email": "[email protected]"
			}
		}
	},
	"SecretType": "Github",
	"Secret": "SOMESECRET42",
	"Verified": true
}

Scanner Configuration

notifiers:
- connection:
    '@type': type.googleapis.com/notifiers.Webhook
    token: secret_token
    url: https://example.trufflesec.com:8081/webhook
  name: slack secrets notifications
  sourcesToNotify: SOURCES_IN_THIS_CONFIG
  type: NOTIFIER_TYPE_WEBHOOK
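
A receiver-side check for the signature scheme described under Tokens, as an added example (not TruffleHog's own code): it hashes the token followed by the raw body, compares the result with X-Hub-Signature in constant time, and only then parses the payload. The function names and the sample delivery are assumptions constructed for illustration.

```python
import hashlib
import hmac
import json


def expected_signature(token: str, body: bytes) -> str:
    """SHA-256 hex digest of the token string followed by the raw body."""
    return hashlib.sha256(token.encode("utf-8") + body).hexdigest()


def verify_signature(token: str, body: bytes, header_value: str) -> bool:
    """Constant-time comparison of the X-Hub-Signature value to the digest."""
    received = (header_value or "").strip().lower().encode("utf-8")
    return hmac.compare_digest(expected_signature(token, body).encode(), received)


def handle_webhook(token: str, headers: dict, body: bytes) -> dict:
    """Authenticate one delivery and return a summary that is safe to log."""
    # Header names are case-insensitive (the page shows both spellings).
    sig = next((v for k, v in headers.items() if k.lower() == "x-hub-signature"), "")
    # Hash the bytes exactly as received; re-serialised JSON would not match.
    if not verify_signature(token, body, sig):
        raise PermissionError("X-Hub-Signature does not match the payload")
    finding = json.loads(body)  # parse only after the check passes
    # Metadata.Data holds a single key named after the source (Github, Jira, ...).
    data = finding.get("Metadata", {}).get("Data", {})
    source, details = next(iter(data.items()), ("", {}))
    return {
        "source_type": finding.get("SourceType"),
        "source": source,
        "location": details.get("link") or details.get("location") or details.get("file"),
        "secret_type": finding.get("SecretType"),
        "verified": bool(finding.get("Verified")),
        # Keep the raw secret out of logs and tickets; a short digest dedupes.
        "secret_fingerprint": hashlib.sha256(finding.get("Secret", "").encode()).hexdigest()[:12],
    }


# Constructed sample delivery, modelled on the Github payload on this page.
SAMPLE_TOKEN = "mySecretToken"
SAMPLE_BODY = json.dumps({
    "SourceType": "SOURCE_TYPE_GITHUB",
    "Metadata": {"Data": {"Github": {"link": "https://github.com/org/repo/blob/COMMIT/file.txt", "line": 42}}},
    "SecretType": "Github",
    "Secret": "OTHERSECRET",
    "Verified": True,
}).encode("utf-8")
SAMPLE_HEADERS = {"X-Hub-Signature": expected_signature(SAMPLE_TOKEN, SAMPLE_BODY)}

if __name__ == "__main__":
    print(handle_webhook(SAMPLE_TOKEN, SAMPLE_HEADERS, SAMPLE_BODY))
```

Pass the request body to `handle_webhook` as the undecoded bytes read from the socket; frameworks that hand over an already-parsed JSON object lose the exact byte sequence the digest covers.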

Email

notifiers:
- connection:
    '@type': type.googleapis.com/notifiers.Email
    ses:
      creds:
        key: AKIAXXXXXXXXXXXXXXXX
        region: us-west1
        secret: XXXXXXXXXXXXXXXXXXXXXXXXXX
      recipients:
      - [email protected]
      sender: <trufflehog> [email protected]
  name: email secrets notifications
  type: NOTIFIER_TYPE_EMAIL

Splunk

notifiers:
- connection:
    '@type': type.googleapis.com/notifiers.Splunk
    endpoint: https://splunk.company.com/notify
    hecToken: t0ken
  isDisabled: true
  name: send splunk notifications
  type: NOTIFIER_TYPE_SPLUNK

JIRA

Available "type" values for CustomField are STRING, NUMBER, and SINGLE_SELECT.

Please let us know if there are additional custom field types you would like to see supported.

notifiers:
- connection:
    '@type': type.googleapis.com/notifiers.JIRA
    basicAuth:
      password: t0ken
      username: [email protected]
    customField:
    - name: CustomField1
      type: STRING
      value: string field value
    - name: CustomField2
      type: NUMBER
      value: "42"
    - name: CustomField1
      type: SINGLE_SELECT
      value: single select field value
    endpoint: https://trufflesec.atlassian.net
    issueDescription: Found a secret
    issueType: Bug
    projectKey: SECRETS
  name: create jira tickets
  type: NOTIFIER_TYPE_JIRA

Last updated on 05-30-2023