makes secrets easier. It verifies findings are live and enriches them with context, so your team spends time on real risk, not false positives. Deploy hosted or self-hosted scanners, scan your critical systems for secrets, and notify the right teams to remediate and rotate.

This guide walks you through setting up TruffleHog Enterprise for the first time. By the end, you'll have a running scanner, your first source connected, and findings flowing into the web UI.

A TruffleHog Enterprise tenant (contact us if you don't have one yet)

Admin access to at least one source you want to scan (GitHub, Slack, Jira, etc.)

For self-hosted scanners: a Kubernetes cluster, VM, or container host you can deploy to

 Choose hosted (managed by Truffle Security) or self-hosted (running in your environment).

 Tell it which sources to scan and how often.

 Kick off your first scan and watch findings appear in the web UI.

 Route findings to Slack, Jira, email, or webhooks so the right people can act on them.

Learn how to set up and utilize TruffleHog Enterprise's managed and self-hosted scanners for enhanced security. This document includes step-by-step instructions on creating, configuring, and running scanners, as well as a comprehensive guide to understand

Choose your adventure

TruffleHog Enterprise - Getting started

source

Configuring a scanner

TruffleHog Docs

Hosted Scanner deployment

Creating a scanner

Configuring a self-hosted scanner

Self-Hosted Deployment Guide

Linux Host

Docker

Helm Chart

Kubernetes Manifest

Resource requirements

Configuration file reference

Credential management

Running the scanner

Self-Hosted Scanner deployment

Artifactory

AWS S3

Azure Repos (cloud)

Bitbucket

Buildkite

CircleCI

Confluence

Filesystem

Gerrit

GitLab

GitHub Real-time

GitHub

Google Cloud Storage (GCS)

Google Drive Domain-Wide Delegation (DWD)

Google Drive

Jenkins

Jira

Microsoft Sharepoint

Microsoft Teams

Postman

Slack

Vector

Reverify secrets

Verification caching

Scan for secrets

Self-discovery analyzers

GCP analyze

Analyze secrets

Email

Multi-project ticket synchronization

Splunk

Stdout

Webhook

Notify results

Shared Secrets

Scanning in CI

Pre-commit hooks

Pre-receive hooks

Block secrets from leaking

Custom detectors

Customizing detection

On-premise verification

Customizing detectors

Customizing TruffleHog

User Enablement Guide

Exported Secrets Column Definitions

Resource Hub

Architecture

Dynamic Role-Based Access Control (RBAC)

Authentication

Compliance

Data flow

How we handle your data

Security and Compliance

Secret Management Best Practices

Terminology

2026 April

2026 March

2026 January

2025 December

2025 November

2025 October

2025 September

2025 August

2025 July

2025 June

2025 May

TruffleHog Release Notes