Scan data for secrets

Vector

6min

Scan Vector logs using the Vector HTTP sink. 
﻿
﻿
﻿
Configuration
Web Configuration
Vector scanning is only available for local, on-prem scanners right now.
Local configuration
TruffleHog Source configuration
Access Token
sources:
- connection:
    '@type': type.googleapis.com/sources.Webhook
    listenAddress: ":8080"
    header:
      key: Authorization
      # Note that you must prefix your secret
      # value with 'Bearer: ' as shown.
      value: "Bearer your-secret-value"
  name: Vector logs
  scanPeriod: 12h
  type: SOURCE_TYPE_WEBHOOK
  verify: true
sources:
- connection:
    '@type': type.googleapis.com/sources.Webhook
    listenAddress: ":8080"
    header:
      key: Authorization
      # Note that you must prefix your secret
      # value with 'Bearer: ' as shown.
      value: "Bearer your-secret-value"
  name: Vector logs
  scanPeriod: 12h
  type: SOURCE_TYPE_WEBHOOK
  verify: true
﻿
Vector HTTP Sink configuration
If present, the following fields will show up as metadata in the TruffleHog dashboard: host, hostname, timestamp, source_type
We recommend running TruffleHog in a way where you can have autoscaling replicas to scale out as needed to handle your log volume. 

For example, in K8s, you would use a Deployment, Service, and HorizontalPodAutoscaler with a CPU target of 75% to autoscale the Deployment as needed.
See https://vector.dev/docs/reference/configuration/sinks/http/ for more Vector HTTP Sink configuration options.
Access Token
sinks:
  webhook:
    type: http
    inputs:
      - "in"
    # Customize the URI to point to whatever host:port
    # you are running TruffleHog on
    uri: http://localhost:8080/v1/vector
    method: "post"
    encoding:
      codec: "json"
    auth:
      strategy: "bearer"
      token: "your-secret-value"

sinks:
  webhook:
    type: http
    inputs:
      - "in"
    # Customize the URI to point to whatever host:port
    # you are running TruffleHog on
    uri: http://localhost:8080/v1/vector
    method: "post"
    encoding:
      codec: "json"
    auth:
      strategy: "bearer"
      token: "your-secret-value"
﻿
Capabilities
Feature
Supported
Scan build logs
✅
Scan base64 encoded data
✅
Block logs with credentials
❌
Real-time scanning
✅
﻿

Feature	Supported
Scan build logs	✅
Scan base64 encoded data	✅
Block logs with credentials	❌
Real-time scanning	✅

Updated 11 Mar 2025

Did this page help you?

Slack

Notify results