TRUFFLEHOG
Analyze
Understand the impact of your secrets.
Exposed secrets and non-human identities (NHIs) are IAM security risks, not just static code issues.
Context-rich intelligence for leaked secrets remediation
TruffleHog Analyze extends TruffleHog Enterprise to reveal who owns a secret, what it can access, and what permissions it holds, giving teams the context to act fast.
Understand every secret's impact
Identify the owner
Find who created the secret to enable quick rotation or revocation.
Understand access scope
Know which services and resources the secret can access to assess its impact.
Analyze permissions
See read, write, and admin rights to replace credentials safely.
Context-driven insights
TruffleHog Analyze automatically queries provider APIs to enrich each finding—no extra setup needed. Enrichment includes:
Creator / owner
Access level (read / write / admin)
Affected services and specific resources
Resource scope (repo-level, table-level, etc.)
Identity mapping
Usage timestamps (where available)
Identify high-risk secrets
Built-in pattern recognition flags the riskiest configurations, such as:
Non-org Slack tokens or unknown users
Secrets from unmanaged or personal accounts
Admin-level or broadly scoped credentials

Integrated in the TruffleHog UI
Insights appear directly within the product:
A dedicated “Analyze” tab on secret detail pages
Inline highlights showing ownership, scope, and risk
Broad and growing coverage
Supports 40+ key types, including:
AWS access keys
GitHub PATs
Slack tokens
Database connection strings
GCP credentials
…and we're always adding more!
Guided rotation and revocation
Follow step-by-step instructions tailored to each provider to rotate or revoke credentials quickly and confidently.



