Verification caching

After a TruffleHog scanner attempts to verify a secret it finds, it will cache the result of the verification attempt. Subsequent attempts to verify that same secret will use the cached result instead of making another remote request. This prevents TruffleHog from overwhelming verification endpoints, which can cause account lockouts and other problems.

The cache does not store raw secrets in memory; it stores secret hashes instead. Secrets are not persisted in memory longer than is necessary to verify them.

Each scanner process has its own cache, which means that if you are running multiple scanners as part of TruffleHog Enterprise, they will not share a cache. Caches are not persisted when scanner processes terminate. If you are using TruffleHog Enterprise to scan multiple sources using the same scanner process, they will all share a single cache.

Each cache entry expires after three hours. Cache items will also expire on a least recently used basis if the cache begins to grow too large.

The Reverify Secrets feature of TruffleHog Enterprise will not use the cache. Reverification scans initiated by this feature will always make remote verification requests. However, the results of these requests will be loaded back into the cache so they can be used by future scans.

If you are using TruffleHog OSS, your scan output will include (verification info cached) for each secret that had its verification status loaded from the cache rather than retrieved from a verification endpoint.

The internal architecture of TruffleHog is such that the cache does not guarantee that duplicate verification requests are never made. It does, however, greatly reduce their incidence.
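The behaviour described above (hash-keyed entries, time-based expiry, least-recently-used eviction, and results written back after a forced verification) can be illustrated with a small cache. This is an added example, not TruffleHog's own code: the names `VerifyCache`, `NewVerifyCache`, `Get` and `Put`, the use of SHA-256 as the hash, and the size limit are assumptions made for illustration.

```go
package main

import (
	"container/list"
	"crypto/sha256"
	"time"
)

type entry struct {
	key      [32]byte // SHA-256 of the secret (assumed hash); the raw secret is never stored
	verified bool
	expires  time.Time
}

// VerifyCache is a hypothetical per-process cache with a TTL and LRU eviction (max must be >= 1).
type VerifyCache struct {
	ttl   time.Duration
	max   int
	now   func() time.Time // injectable clock so expiry can be exercised
	order *list.List       // front = most recently used
	items map[[32]byte]*list.Element
}

func NewVerifyCache(ttl time.Duration, max int, now func() time.Time) *VerifyCache {
	return &VerifyCache{ttl, max, now, list.New(), map[[32]byte]*list.Element{}}
}

// Get reports (verified, hit); an expired entry is dropped and counts as a miss.
func (c *VerifyCache) Get(secret []byte) (verified, hit bool) {
	if el, ok := c.items[sha256.Sum256(secret)]; ok {
		if e := el.Value.(*entry); c.now().Before(e.expires) {
			c.order.MoveToFront(el)
			return e.verified, true
		}
		delete(c.items, c.order.Remove(el).(*entry).key)
	}
	return false, false
}

// Put stores or refreshes a result, evicting the least recently used entry when full.
func (c *VerifyCache) Put(secret []byte, verified bool) {
	k := sha256.Sum256(secret)
	if el, ok := c.items[k]; ok {
		c.order.Remove(el) // refresh: the map slot is overwritten below
	} else if c.order.Len() >= c.max {
		delete(c.items, c.order.Remove(c.order.Back()).(*entry).key)
	}
	c.items[k] = c.order.PushFront(&entry{k, verified, c.now().Add(c.ttl)})
}
```

A scan path would call `Get` first and only contact the verification endpoint on a miss, while a forced reverification would skip `Get` and call `Put` with the fresh result.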