Important information for secret remediation lives on the Secrets page in Trufflehog. To access this information, click on "Secrets".

Here, you can see valuable information for your organization about the secrets that TruffleHog has unearthed. We are able to see the type of secret, the redacted secret information, whether it is active or not, and the location where this secret has been found. TruffleHog will always show you the Verified Secrets by default. These are secrets that your team will need to remediate or apply another Action to. If you would like to see all secrets, including those that TruffleHog did not return as Verified, click the "Live" button in the upper-right corner. Here, you can change the secret state to "All" to include every secret that TruffleHog has found.

Please note: Found secrets are never stored by TruffleHog and the information shown in this panel only shows redacted secrets and its metadata about the secret found.

If you click on "View Details" next to a specific secret, it brings you to the Secret Details page. Here you can see more information about the secret that TruffleHog found. Let's take a look at a test AWS secret that TruffleHog discovered. We can see the following details:

  1. This is a verified secret (it is active) which we can see by the green "verified" next to AWS secret.

  2. We can see that it is currently Active which means that it has not been remediated and marked as resolved, it has not been marked as "Mark will not fix" and it has not been marked as "Mark invalid". You can update the status on the Secret page as well.

  3. You can see when this secret was detected, as well as when it was last seen.

  4. You can see it what sources this secret appears. This one was detected in Slack. If it was found in Gitlab, for example, it would say "Gitlab" next to "Detected in 1 source(s)"

  5. You will also see the secret identifier, which will help you easily locate the secret for rotation. Please Note: The raw secret is never stored.

Below the secret details, we also list the locations in which this secret has been found. To easily find where this particular secret lives in Slack, click on a location in the left-hand panel, and it will show you:

  1. When it was discovered

  2. When it was last seen

  3. The date it was posted

  4. The channel it lives in (applicable to Slack)

  5. The User ID of the leaker

  6. and the Email of the leaker

This is all built in for you so that you can quickly identify, find and remediate any possible leaky secrets. Click on "Go to source" in the upper-right corner of the location section, and this will take you to the secrets location for easy remediation by your team.

Please Note: Secrets may be found in different locations. If you have a secret that has been found in Gitlab, for example, you will see when it was discovered, the email of the leaker, what repository it lives in, the commit, the file, and the line number when you click on its location.

If you navigate back to the Secrets page, you are able to take some additional actions. Click "Action" to the right of you secret. Here, you can go directly to "View secret details" which will bring you to the "Secret Details" page. You can "Mark resolved" if the secret has been remediated. You can "Mark will not fix" if this is not a sensitive secret that needs to be remediated. And finally, you can "Mark invalid" if this is not a verified secret.

On the Secrets page, you will also see that TruffleHog allows you to "Export to CSV". You can export a csv file of all of your secret information directly from this button.

Finally, on the Secrets page we are able to use our filters to quickly see the information that is most important to you. Let's say that you want to see all of the AWS keys, found in the Slack source that are currently active. To do this, you will set up your filters in this way:

If you have any questions regarding what information you can see on the Secrets page, please do not hesitate to reach out to!

Did this answer your question?