The Vector integration scans logs forwarded from Vector via the HTTP sink, enabling real-time secret detection on log streams.

The Vector integration is configured via a local configuration file. Web configuration in TruffleHog is not available for this source.

Setup requires configuration in two places: a TruffleHog source that listens for incoming logs, and a Vector HTTP sink that forwards logs to it.

sources:
  - connection:
      "@type": type.googleapis.com/sources.Webhook
      listenAddress: ":8080"
      header:
        key: Authorization
        # The value must be prefixed with 'Bearer ' as shown.
        value: "Bearer your-secret-value"
      vector:
        # Specify a field to extract using JQ-style syntax.
        # The extracted field can be used to format a link
        # back to your logging system in the TruffleHog dashboard.
        locator_field: "metadata.request_id"
        link_format: "https://your-logging-system.com/logs/{locator}"
    name: Vector logs
    type: SOURCE_TYPE_WEBHOOK
    verify: true

If present in the incoming log payload, the following fields are surfaced as metadata in the TruffleHog dashboard: host, hostname, timestamp, source_type. See the Vector HTTP sink documentation for the full set of sink options.

sinks:
  webhook:
    type: http
    inputs:
      - "in"
    # Customize the URI to point to whatever host:port
    # you are running TruffleHog on.
    uri: http://localhost:8080/v1/vector
    method: "post"
    encoding:
      codec: "json"
    auth:
      strategy: "bearer"
      token: "your-secret-value"

TruffleHog scans logs forwarded by Vector but does not block log delivery when credentials are detected. Detection is observe-only.

Slack

Vector

source

Reverify secrets

TruffleHog Docs

Choose your adventure

Configuring a scanner

Hosted Scanner deployment

Creating a scanner

Configuring a self-hosted scanner

Self-Hosted Deployment Guide

Linux Host

Docker

Helm Chart

Kubernetes Manifest

Resource requirements

Configuration file reference

Credential management

Running the scanner

Self-Hosted Scanner deployment

TruffleHog Enterprise - Getting started

Artifactory

AWS S3

Azure Repos (cloud)

Bitbucket

Buildkite

CircleCI

Confluence

Filesystem

Gerrit

GitLab

GitHub Real-time

GitHub

Google Cloud Storage (GCS)

Google Drive Domain-Wide Delegation (DWD)

Google Drive

Jenkins

Jira

Microsoft Sharepoint

Microsoft Teams

Postman

Verification caching

Scan for secrets

Self-discovery analyzers

GCP analyze

Analyze secrets

Email

Multi-project ticket synchronization

Splunk

Stdout

Webhook

Notify results

Shared Secrets

Scanning in CI

Pre-commit hooks

Pre-receive hooks

Block secrets from leaking

Custom detectors

Customizing detection

On-premise verification

Customizing detectors

Customizing TruffleHog

User Enablement Guide

Exported Secrets Column Definitions

Resource Hub

Architecture

Dynamic Role-Based Access Control (RBAC)

Authentication

Compliance

Data flow

How we handle your data

Security and Compliance

Secret Management Best Practices

Terminology

2026 April

2026 March

2026 January

2025 December

2025 November

2025 October

2025 September

2025 August

2025 July

2025 June

2025 May

TruffleHog Release Notes