TruffleHog Enterprise
TruffleHog Enterprise is a secret scanning platform that detects exposed credentials and sensitive data across repositories, cloud storage, and other sources. You can bring source, secret, and secret definition data from TruffleHog Enterprise into Brinqa to gain a unified view of your attack surface, thus strengthening your cybersecurity posture.
This document details the information you must provide for the connector to authenticate with TruffleHog Enterprise and how to obtain that information from TruffleHog Enterprise. See create a data integration for step-by-step instructions on setting up the integration.
Required connection settings
When setting up a data integration, select TruffleHog Enterprise from the Connector dropdown. If you cannot find the connector in the dropdown, make sure that you have installed it first. You must provide the following information to authenticate TruffleHog Enterprise with Brinqa:
- TruffleHog API Base URL: The base URL for the TruffleHog Enterprise API (e.g.,
https://<instance>.trufflehog.com/). - API Key: The API key for authenticating requests to the TruffleHog Enterprise API.
- API Secret: The API secret for authenticating requests to the TruffleHog Enterprise API.
The connector authenticates using custom API headers (X-Thog-Key and X-Thog-Secret), supporting TruffleHog's native key/secret authentication scheme.
Additional settings
The TruffleHog Enterprise connector contains additional options for specific configuration:
- Page size: The maximum number of records to get per API request. The default setting is 100. It is not recommended to go over 250.
- Maximum retries: The maximum number of times that the integration attempts to connect to the TruffleHog Enterprise API before giving up and reporting a failure. The default setting is 5.
Types of data to retrieve
The TruffleHog Enterprise connector can retrieve the following types of data from the TruffleHog Enterprise API:
Table 1: Data retrieved from TruffleHog Enterprise
| Connector Object | Required | Maps to Data Model |
|---|---|---|
| Secret | Yes | Violation |
| Secret Definition | Yes | Violation Definition |
| Source | Yes | Cloud Resource |
For detailed steps on how to view the data retrieved from TruffleHog Enterprise in the Brinqa Platform, see How to view your data.
Attribute mappings
Expand the sections below to view the mappings between the source and the Brinqa data model attributes.
Secret
Table 2: Secret attribute mappings
| Source Field Name | SDM Attribute |
|---|---|
Secret.analyze_id | ANALYZE_ID |
Secret.analyzer_type | ANALYZER_TYPE |
Secret.created_date | CREATED_DATE |
Secret.created_date | SOURCE_CREATED_DATE |
Secret.date_rotated | DATE_ROTATED |
Secret.distinct_source_names | DISTINCT_SOURCE_NAMES |
Secret.distinct_source_types | DISTINCT_SOURCE_TYPES |
Secret.id | UID |
Secret.last_seen | LAST_SEEN |
Secret.last_verified | LAST_VERIFIED |
Secret.modified_date | MODIFIED_DATE |
Secret.modified_date | SOURCE_LAST_MODIFIED |
Secret.redacted | REDACTED |
Secret.secret_locations_count | LOCATIONS_COUNT |
Secret.secret_type | CATEGORIES |
Secret.secret_type | NAME |
Secret.secret_type | SECRET_TYPE |
Secret.secret_type | TYPE |
Secret.triage_state | TRIAGE_STATE |
Secret.triage_state (normalized) or active | SOURCE_STATUS |
Secret.triage_state or UNKNOWN | PROVIDER_STATUS |
Secret.user_defined | IS_USER_DEFINED |
Secret.verification_error_message | VERIFICATION_ERROR_MESSAGE |
Secret.verified | IS_VERIFIED |
SecretLocation[].account_name | RESULTS |
SecretLocation[].azure_container | RESULTS |
SecretLocation[].bucket | RESULTS |
SecretLocation[].build_number | RESULTS |
SecretLocation[].build_step | RESULTS |
SecretLocation[].channel_identifier | RESULTS |
SecretLocation[].channel_name | RESULTS |
SecretLocation[].channel_visibility | RESULTS |
SecretLocation[].commit | RESULTS |
SecretLocation[].created_date | RESULTS |
SecretLocation[].decoder_type | RESULTS |
SecretLocation[].email | RESULTS |
SecretLocation[].extra_data | RESULTS |
SecretLocation[].file_name | RESULTS |
SecretLocation[].image_name | RESULTS |
SecretLocation[].issue | RESULTS |
SecretLocation[].layer_hash | RESULTS |
SecretLocation[].line | RESULTS |
SecretLocation[].link | RESULTS |
SecretLocation[].location | RESULTS |
SecretLocation[].location_metadata | RESULTS |
SecretLocation[].modified_date | RESULTS |
SecretLocation[].org | RESULTS |
SecretLocation[].package_name | RESULTS |
SecretLocation[].page | RESULTS |
SecretLocation[].pipeline | RESULTS |
SecretLocation[].project_name | RESULTS |
SecretLocation[].region | RESULTS |
SecretLocation[].registry | RESULTS |
SecretLocation[].release_name | RESULTS |
SecretLocation[].repository | RESULTS |
SecretLocation[].snippet_id | RESULTS |
SecretLocation[].source.id | TARGETS |
SecretLocation[].source.name | RESULTS |
SecretLocation[].source.type | RESULTS |
SecretLocation[].space | RESULTS |
SecretLocation[].tag | RESULTS |
SecretLocation[].tag | TAGS |
SecretLocation[].timestamp | RESULTS |
SecretLocation[].title | RESULTS |
SecretLocation[].user_id | RESULTS |
SecretLocation[].username | RESULTS |
SecretLocation[].vcs_type | RESULTS |
SecretLocation[].version | RESULTS |
SecretLocation[].workspace_name | RESULTS |
| Generated (sync capture timestamp) | LAST_CAPTURED |
Secret Definition
Table 3: Secret Definition attribute mappings
| Source Field Name | SDM Attribute |
|---|---|
Secret.rotation_guide | RECOMMENDATION |
Secret.rotation_guide | ROTATION_GUIDE |
Secret.secret_type | NAME |
Secret.secret_type | UID |
| Generated (sync capture timestamp) | LAST_CAPTURED |
Source
Table 4: Source attribute mappings
| Source Field Name | SDM Attribute |
|---|---|
Source.id | UID |
Source.last_completed | LAST_COMPLETED |
Source.name or Source.id | NAME |
| Generated (set to "Cloud Resource") | CATEGORIES |
| Generated (set to "UNKNOWN") | PROVIDER_STATUS |
| Generated (set to "active") | SOURCE_STATUS |
| Generated (sync capture timestamp) | LAST_CAPTURED |
Operation options
The TruffleHog Enterprise connector supports the following operation options:
Table 5: Operation options
| Connector Object | Option | All Possible Values | Description | Example |
|---|---|---|---|---|
| Secret, Secret Definition | secret_type | N/A | Filter secrets by secret type for targeted data collection. | Key: secret_type Value: AWS. Filter to only retrieve AWS-related secrets. |
triage_state | UNTRIAGED, FALSE_POSITIVE, RESOLVED, WILL_NOT_FIX | Filter secrets by triage state. | Key: triage_state Value: UNTRIAGED. Only retrieve untriaged secrets. | |
verified | true, false | Filter secrets by verified status. | Key: verified Value: true. Only retrieve verified secrets. |
APIs
The TruffleHog Enterprise connector uses the TruffleHog Enterprise API. Specifically, it uses the following endpoints:
Table 6: TruffleHog Enterprise API Endpoints
| Connector Object | API Endpoint |
|---|---|
| Secret, Secret Definition | GET api/v2/secrets |
| Secret | GET api/v2/secret_locations |
| Source | GET api/v1/sources |
Changelog
The TruffleHog Enterprise connector has undergone the following changes:
Table 7: TruffleHog Enterprise Changelog
| Version | Description | Date Published |
|---|---|---|
| 3.0.1 | Secret locations are now fetched per-secret using the secret__id filter parameter, replacing the previous bulk-fetch approach for more targeted and efficient API usage. The connector display name has been updated from TruffleHog to TruffleHog Enterprise; no new integration is required—just update the version in the existing integration. No migration required. | May 12th, 2026 |
| 3.0.0 | Initial Integration+ release. | April 28th, 2026 |