TruffleHog
TruffleHog is a secret scanning platform that detects exposed credentials and sensitive data across repositories, cloud storage, and other sources. You can bring source, secret, and secret definition data from TruffleHog into Brinqa to gain a unified view of your attack surface, thus strengthening your cybersecurity posture.
This document details the information you must provide for the connector to authenticate with TruffleHog and how to obtain that information from TruffleHog. See create a data integration for step-by-step instructions on setting up the integration.
Required connection settings
When setting up a data integration, select TruffleHog from the Connector dropdown. If you cannot find the connector in the dropdown, make sure that you have installed it first. You must provide the following information to authenticate TruffleHog with Brinqa:
- TruffleHog API Base URL: The base URL for the TruffleHog API (e.g., https://<instance>.trufflehog.com/).
- API Key: The API key for authenticating requests to the TruffleHog API.
- API Secret: The API secret for authenticating requests to the TruffleHog API.
The connector authenticates using custom API headers (X-Thog-Key and X-Thog-Secret), supporting TruffleHog's native key/secret authentication scheme.
Additional settings
The TruffleHog connector contains additional options for specific configuration:
- Page size: The maximum number of records to get per API request. The default setting is 100. It is not recommended to go over 250.
- Maximum retries: The maximum number of times that the integration attempts to connect to the TruffleHog API before giving up and reporting a failure. The default setting is 5.
Types of data to retrieve
The TruffleHog connector can retrieve the following types of data from the TruffleHog API:
Table 1: Data retrieved from TruffleHog
| Connector Object | Required | Maps to Data Model |
|---|---|---|
| Secret | Yes | Violation |
| Secret Definition | Yes | Violation Definition |
| Source | Yes | Cloud Resource |
For detailed steps on how to view the data retrieved from TruffleHog in the Brinqa Platform, see How to view your data.
Attribute mappings
The sections below list the mappings between the source fields and the Brinqa data model attributes.
Secret
Table 2: Secret attribute mappings
| Source Field Name | SDM Attribute |
|---|---|
| Secret.analyze_id | ANALYZE_ID |
| Secret.analyzer_type | ANALYZER_TYPE |
| Secret.created_date | CREATED_DATE |
| Secret.created_date | SOURCE_CREATED_DATE |
| Secret.date_rotated | DATE_ROTATED |
| Secret.distinct_source_names | DISTINCT_SOURCE_NAMES |
| Secret.distinct_source_types | DISTINCT_SOURCE_TYPES |
| Secret.id | UID |
| Secret.last_seen | LAST_SEEN |
| Secret.last_verified | LAST_VERIFIED |
| Secret.modified_date | MODIFIED_DATE |
| Secret.modified_date | SOURCE_LAST_MODIFIED |
| Secret.redacted | REDACTED |
| Secret.secret_locations_count | LOCATIONS_COUNT |
| Secret.secret_type | CATEGORIES |
| Secret.secret_type | NAME |
| Secret.secret_type | SECRET_TYPE |
| Secret.secret_type | TYPE |
| Secret.triage_state | TRIAGE_STATE |
| Secret.triage_state (normalized) | SOURCE_STATUS |
| Secret.triage_state or UNKNOWN | PROVIDER_STATUS |
| Secret.user_defined | IS_USER_DEFINED |
| Secret.verified | IS_VERIFIED |
| SecretLocation[].account_name | RESULTS |
| SecretLocation[].azure_container | RESULTS |
| SecretLocation[].bucket | RESULTS |
| SecretLocation[].build_number | RESULTS |
| SecretLocation[].build_step | RESULTS |
| SecretLocation[].channel_identifier | RESULTS |
| SecretLocation[].channel_name | RESULTS |
| SecretLocation[].channel_visibility | RESULTS |
| SecretLocation[].commit | RESULTS |
| SecretLocation[].created_date | RESULTS |
| SecretLocation[].decoder_type | RESULTS |
| SecretLocation[].email | RESULTS |
| SecretLocation[].extra_data | RESULTS |
| SecretLocation[].file_name | RESULTS |
| SecretLocation[].image_name | RESULTS |
| SecretLocation[].issue | RESULTS |
| SecretLocation[].layer_hash | RESULTS |
| SecretLocation[].line | RESULTS |
| SecretLocation[].link | RESULTS |
| SecretLocation[].location | RESULTS |
| SecretLocation[].location_metadata | RESULTS |
| SecretLocation[].modified_date | RESULTS |
| SecretLocation[].org | RESULTS |
| SecretLocation[].package_name | RESULTS |
| SecretLocation[].page | RESULTS |
| SecretLocation[].pipeline | RESULTS |
| SecretLocation[].project_name | RESULTS |
| SecretLocation[].region | RESULTS |
| SecretLocation[].registry | RESULTS |
| SecretLocation[].release_name | RESULTS |
| SecretLocation[].repository | RESULTS |
| SecretLocation[].snippet_id | RESULTS |
| SecretLocation[].source.id | TARGETS |
| SecretLocation[].source.name | RESULTS |
| SecretLocation[].space | RESULTS |
| SecretLocation[].tag | RESULTS |
| SecretLocation[].tag | TAGS |
| SecretLocation[].timestamp | RESULTS |
| SecretLocation[].title | RESULTS |
| SecretLocation[].user_id | RESULTS |
| SecretLocation[].username | RESULTS |
| SecretLocation[].vcs_type | RESULTS |
| SecretLocation[].version | RESULTS |
| SecretLocation[].workspace_name | RESULTS |
| Generated (sync capture timestamp) | LAST_CAPTURED |
Secret Definition
Table 3: Secret Definition attribute mappings
| Source Field Name | SDM Attribute |
|---|---|
| Secret.rotation_guide | RECOMMENDATION |
| Secret.rotation_guide | ROTATION_GUIDE |
| Secret.secret_type | NAME |
| Secret.secret_type | UID |
| Generated (sync capture timestamp) | LAST_CAPTURED |
Source
Table 4: Source attribute mappings
| Source Field Name | SDM Attribute |
|---|---|
| Source.id | UID |
| Source.last_completed | LAST_COMPLETED |
| Source.name or Source.id | NAME |
| Generated (set to "Cloud Resource") | CATEGORIES |
| Generated (set to "UNKNOWN") | PROVIDER_STATUS |
| Generated (set to "active") | SOURCE_STATUS |
| Generated (sync capture timestamp) | LAST_CAPTURED |
Operation options
The TruffleHog connector supports the following operation options:
Table 5: Operation options
| Connector Object | Option | All Possible Values | Description | Example |
|---|---|---|---|---|
| Secret, Secret Definition | secret_type | N/A | Filter secrets by secret type for targeted data collection. | Key: secret_type Value: AWS. Filter to only retrieve AWS-related secrets. |
| Secret, Secret Definition | triage_state | UNTRIAGED, FALSE_POSITIVE, RESOLVED, WILL_NOT_FIX | Filter secrets by triage state. | Key: triage_state Value: UNTRIAGED. Only retrieve untriaged secrets. |
| Secret, Secret Definition | verified | true, false | Filter secrets by verified status. | Key: verified Value: true. Only retrieve verified secrets. |
APIs
The TruffleHog connector uses the TruffleHog API. Specifically, it uses the following endpoints:
Table 6: TruffleHog API Endpoints
| Connector Object | API Endpoint |
|---|---|
| Secret, Secret Definition | GET api/v2/secrets |
| Secret | GET api/v2/secret_locations |
| Source | GET api/v1/sources |
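
A pre-flight check for the connection settings, page size and operation options described above, plus the authenticated request the X-Thog-Key / X-Thog-Secret scheme implies. This is an added example, not Brinqa's or TruffleHog's code; `check_settings`, `build_request`, the HTTPS requirement, the lower page-size bound and the sample host are assumptions.

```python
import urllib.request
from urllib.parse import urljoin, urlsplit

MAX_PAGE_SIZE = 250  # this page advises against a larger page size
ALLOWED = {  # operation options and values from Table 5 (None = free text)
    "secret_type": None,
    "triage_state": {"UNTRIAGED", "FALSE_POSITIVE", "RESOLVED", "WILL_NOT_FIX"},
    "verified": {"true", "false"},
}


def check_settings(base_url, api_key, api_secret, page_size=100, options=None):
    """Return a list of problems found in the settings; empty means OK."""
    problems = []
    parts = urlsplit(base_url)
    # Added check (assumption): refuse non-HTTPS URLs, because the key and
    # secret are sent as request headers on every call.
    if parts.scheme != "https" or not parts.hostname:
        problems.append("base URL must be an https:// URL")
    if not api_key or not api_secret:
        problems.append("API key and API secret are both required")
    # Lower bound of 1 is an assumption; 250 is the page's advised ceiling.
    if not 1 <= page_size <= MAX_PAGE_SIZE:
        problems.append(f"page size {page_size} outside 1..{MAX_PAGE_SIZE}")
    for name, value in (options or {}).items():
        if name not in ALLOWED:
            problems.append(f"unknown operation option: {name}")
        elif ALLOWED[name] is not None and value not in ALLOWED[name]:
            problems.append(f"invalid value for {name}: {value}")
    return problems


def build_request(base_url, endpoint, api_key, api_secret):
    """Build, without sending, an authenticated GET for a Table 6 endpoint."""
    url = urljoin(base_url.rstrip("/") + "/", endpoint.lstrip("/"))
    headers = {"X-Thog-Key": api_key, "X-Thog-Secret": api_secret}
    return urllib.request.Request(url, headers=headers, method="GET")


if __name__ == "__main__":
    # Constructed sample values; not real credentials or a real instance.
    base = "https://thog.example.test/"
    print(check_settings(base, "key", "secret", 500, {"triage_state": "OPEN"}))
    print(build_request(base, "api/v1/sources", "key", "secret").full_url)
```
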
Changelog
The TruffleHog connector has undergone the following changes:
Table 7: TruffleHog Changelog
| Version | Description | Date Published |
|---|---|---|
| 3.0.0 | Initial Integration+ release. | 2026-04-28 |