The teams who need to rotate the secret don’t have access to TruffleHog or don’t have access to the Jira project TruffleHog is creating the ticket in. 

TruffleHog detects a secret ➔ creates a Jira ticket via integration.

The integration is configured to create tickets in a specific Jira project (e.g. SECURITY-INC).

The real work needs to happen in other teams' Jira projects (e.g. ENG, DEVOPS, INFRA).

The master ticket in SECURITY-INC (so TruffleHog can continue to sync updates, status, findings, metadata, enrichment, etc.).

Child or linked tickets in the correct downstream Jira projects where remediation will occur.

1️⃣ Use TruffleHog Integration as Master Ticket Creator Only

Continue to have TruffleHog create the initial ticket in the SECURITY-INC Jira project.

This ticket becomes your “canonical record” for the secret finding.

TruffleHog can continue to update this master ticket if additional information or updates come in.

2️⃣ Use Automation to Spawn Sub-tickets in Target Projects

Use Jira Automation Rules (native Jira Cloud feature) or Webhook triggers to automatically create sub-tasks or linked issues in the appropriate Jira projects when a new master ticket is created.

When issue created in SECURITY-INC project with label live-secret ➔ create linked issue in ENG project.

You can pass fields like summary, description, affected repository, file path, secret type, etc. into the new linked ticket.

Set up a "blocked by / blocks / relates to" link between the master and child tickets.

3️⃣ Maintain Sync from TruffleHog to Master Ticket Only

Let TruffleHog continue syncing updates into the master ticket.

Do not try to sync TruffleHog directly into the downstream tickets — that becomes extremely fragile.

The downstream teams work off their tickets, and as they update the status, you can use Jira Automation to roll status back up to the master ticket if needed (e.g. all sub-tasks resolved → mark master as resolved but do not close it. TruffleHog will close the master ticket once we see its no longer live).

4️⃣ (Optional) Use Custom Jira Fields for Tracking

This helps reporting and tracking for security teams without polluting the downstream project workflows.


Multi-project ticket synchronization

Jira

source

Splunk

TruffleHog Docs

Choose your adventure

Creating a scanner

Configuration file reference

Configuring a scanner

Resource Requirements

Running the scanner

Terminology

Getting started

Reverify secrets

Verification caching

Artifactory

AWS S3

Azure Repos (cloud)

Bitbucket

Buildkite

CircleCI

Confluence

Docker

Filesystem

Gerrit

GitLab

GitHub Real-time

GitHub