Shared Secrets

enterprise feature this feature is only available with trufflehog enterprise contact us to learn more shared secrets allow admins or editors to generate secure, time limited links to individual secrets discovered during scans these links can then be shared, while maintaining tight access control and preventing long term exposure each link is associated with a specific secret and has strict access rules, authentication requirements, and expiration policies secrets can be shared from the secrets detail page by clicking the share button in the upper right corner and following the instructions below how it works a user with admin or editor permissions generates a link to a secret when they generate this, they choose an expiration window for the link the link is shared with a user when accessed, the user is prompted to authenticate (google or saml) trufflehog validates link status (valid, expired, or already read) authenticated domain match if valid, the secret and related locations are shown in a dedicated read only ui note shared secrets can only be viewed by users connecting from a trusted domain trusted domains are domains that you control and issue users email addresses from only users that can log in via google sso or your configured saml provider, with a trusted domain, are able to view shared secrets if they have the link you can configure your trusted domains from the trufflehog ui under settings > shared secrets > edit trusted domains