Secret State Definitions:

You can find the “Secret State” in your TruffleHog instance. Click on “Secrets” on the left-hand panel, and then click the green “Live” button in the upper-right corner. Here, you can update the state of the secret. The definitions of each are below.

Secret State in Dashboard

Definitions

Live

Verified and still live

Rotated

Verified as a live secret at one time, but is not longer verified as live

Never Verified

Identified but not verified as live

Invalid

The user marked the secret “Invalid” for any reason, i.e. a long string of numbers and letters was found, but it is not actually a secret

Please Note: This is 1 of 3 secret states that the user can manipulate under “Action”

Resolved

The user marked the secret as “Resolved”, i.e. a secret that once was live and then was rotated or remediated prior to the scans running again. Ideally, customers won’t need to use this often, as they can rotate the secret and wait for the next scan to automatically mark the secret as “Rotated”.

Please Note: This is 1 of 3 secret states that the user can manipulate under “Action”

Will Not Fix

The user marked the secret as “Will Not Fix”, i.e. it is a secret that’s verified and still live, but no action needs to be taken on it as it is not a sensitive secret.

Please Note: This is 1 of 3 secret states that the user can manipulate under “Action”

Remediated

Remediated could mean rotated, but it could also mean that the customer marked the secret as “Resolved” or “Will Not Fix” for any reason.

Verified

At some point in time, this secret was verified. It could still be live, or have been rotated, or encompass another state but this signifies that at some point in time it was identified as live.

All

Any secret that TruffleHog has ever found.

Did this answer your question?