# Deployment: Systemd
## Getting started

If you're looking to run the scanner on a Linux system, setting it up to run as a systemd unit is a good way to ensure that it:

- starts automatically when the node starts up, and automatically restarts as well
- uses centralized system logging with rotation
- can be isolated if needed for security purposes

Most modern Linux distributions include systemd to manage daemons and system services. By default, systemd services run as the root user of a system, thus inheriting root user permissions. While this is a perfectly valid configuration for many services, it could potentially represent an increased security risk.

If you wish to configure the service to run as a non-root user, you will need to ensure you specify `User=` in the service configuration (similar to the example below), and that the user has permissions to:

- read and write to the directory in which the scanner binary is located
- read any directories that you would like to scan for secrets

If you would like to create a specific user for the scanner to run as, perform the following command on Debian-based systems (using `truffle` as an example):

```shell
sudo adduser truffle
```

For other Linux distributions:

```shell
sudo useradd -m truffle
```

The user running TruffleHog must have write access to the folder that contains it in order for the updater to work properly:

```shell
chown -R truffle /path-containing-trufflehog/
```

Continue on to the following sections for the rest of the setup.

## Debian-based systems

Cloud providers like AWS have a default user already configured on Debian and Ubuntu machine images. The example below references `ubuntu`.

| Distribution | Default user |
| --- | --- |
| Debian | `admin` |
| Ubuntu | `ubuntu` |

If you've created a special user for running the scanner, substitute it in the configuration below.

1. Extract the TruffleHog scanner archive to `/home/ubuntu`.
2. Copy your `config.yaml` into `/home/ubuntu`.
3. Copy the systemd unit file given below into `/etc/systemd/system/trufflehog.service`.

## Amazon Linux

For Amazon Linux-based nodes, the default user is `ec2-user`. If you've created a special user for running the scanner, substitute it in the configuration below.

1. Extract the TruffleHog scanner archive to `/home/`.
2. Copy your `config.yaml` into `/home/ec2-user`.
3. Copy the systemd unit file given below into `/etc/systemd/system/trufflehog.service`.

```ini
[Unit]
Description=Run the TruffleHog scanner as a daemon

[Service]
Type=simple
ExecStart=/home/ec2-user/scanner scan --config=/home/ec2-user/config.yaml
Restart=on-failure
RestartSec=15s
User=ec2-user

[Install]
WantedBy=multi-user.target
```

Reload systemd to make it aware of the new service unit file:

```shell
sudo systemctl daemon-reload
```

Configure systemd to run TruffleHog at boot:

```shell
sudo systemctl enable trufflehog.service
```

Start TruffleHog right now:

```shell
sudo systemctl start trufflehog.service
```

View the status of TruffleHog:

```shell
sudo systemctl status trufflehog.service
```

View the TruffleHog logs:

```shell
sudo journalctl -u trufflehog
```

Tail the TruffleHog logs:

```shell
sudo journalctl -fu trufflehog
```

## Configuring proxy connections when running as a systemd service

In some instances, you may want to run a local scanner on a node that does not have outbound connectivity due to firewall configuration or other network topology. In that instance, you can configure systemd services with a proxy by making use of the `Environment=` setting. Using the above Ubuntu example again:

```ini
[Unit]
Description=Run the TruffleHog scanner as a daemon

[Service]
Environment="http_proxy=http://proxy.server.com:8000"
Environment="https_proxy=https://proxy.server.com:8000"
Type=simple
ExecStart=/home/ubuntu/scanner scan --config=/home/ubuntu/config.yaml
Restart=on-failure
RestartSec=15s
User=ubuntu

[Install]
WantedBy=multi-user.target
```

Be sure to change the URL to the actual address or IP of your proxy server.
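The non-root and proxy setup described in the sections above, as an added example that is not part of the original page or TruffleHog's own tooling: a POSIX shell script that renders the unit file for a given service user and install directory (optionally with a proxy), then lints it for a missing or root `User=` and checks that the install directory is owned and writable by that user, which is what the `chown -R` step is meant to guarantee for the updater. It assumes GNU coreutils (`stat -c`), as found on Debian, Ubuntu and Amazon Linux, and uses one URL for both proxy variables.

```shell
#!/bin/sh
# Added example, not TruffleHog's own tooling. Assumes GNU coreutils (stat -c).

# render_unit USER INSTALL_DIR [PROXY_URL] -> prints the unit file to stdout.
# The same URL is used for http_proxy and https_proxy for brevity.
render_unit() {
  user="$1"; dir="$2"; proxy="${3:-}"
  printf '[Unit]\nDescription=Run the TruffleHog scanner as a daemon\n\n[Service]\n'
  if [ -n "$proxy" ]; then
    printf 'Environment="http_proxy=%s"\nEnvironment="https_proxy=%s"\n' "$proxy" "$proxy"
  fi
  printf 'Type=simple\nExecStart=%s/scanner scan --config=%s/config.yaml\n' "$dir" "$dir"
  printf 'Restart=on-failure\nRestartSec=15s\nUser=%s\n\n[Install]\nWantedBy=multi-user.target\n' "$user"
}

# lint_unit FILE -> 0 when the unit names a non-root User= and carries both
# ExecStart= and Restart=; 1 otherwise. A unit without User= runs as root,
# the systemd default the text warns about. systemd honours the last User= line.
lint_unit() {
  svc_user=$(sed -n 's/^User=//p' "$1" | tail -n 1)
  if [ -z "$svc_user" ] || [ "$svc_user" = "root" ]; then
    echo "lint: $1 would run as root (User= missing or root)" >&2; return 1
  fi
  if ! grep -q '^ExecStart=' "$1" || ! grep -q '^Restart=' "$1"; then
    echo "lint: $1 lacks ExecStart= or Restart=" >&2; return 1
  fi
  return 0
}

# check_dir_owner USER DIR -> 0 when DIR is owned by USER and the owner write
# bit is set (the result 'chown -R USER DIR' is meant to produce so the
# updater can write next to the binary); 1 otherwise.
check_dir_owner() {
  want="$1"; dir="$2"
  [ -d "$dir" ] || { echo "check: $dir is not a directory" >&2; return 1; }
  owner=$(stat -c '%U' "$dir"); mode=$(stat -c '%A' "$dir")
  if [ "$owner" != "$want" ]; then
    echo "check: $dir is owned by $owner, not $want" >&2; return 1
  fi
  case "$mode" in
    ??w*) return 0 ;;                # third character is the owner write bit
    *) echo "check: $want cannot write to $dir ($mode)" >&2; return 1 ;;
  esac
}

# Usage: render_unit ec2-user /home/ec2-user > trufflehog.service
#        lint_unit trufflehog.service && check_dir_owner ec2-user /home/ec2-user
```

Run the lint and ownership check before `systemctl daemon-reload` so a unit that silently falls back to root, or an install directory the service user cannot update, is caught on the admin host rather than in the journal.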