Welcome to


The enterprise version of TruffleHog provides everything you need to operationalize continuous secrets scanning across your company. TruffleHog runs across all your platforms quietly in the background and only alerts when verified secrets are leaked.

Scanning integrations to cover your entire SDLC

Identify, Prevent

secrets leaks across all the platforms from a single pane of glass.

Goodbye, false positives

Eliminate false positives with over 700 secret detectors that support automatic API verification. When a new key is found, TruffleHog will check the key against the provider to determine what the key has access to. No more worrying about triaging false positives or dead keys.

X-ray sniffer

Many secrets can be found outside of plaintext files. TruffleHog’s decoders can find those secrets in PDFs, images, encoded text, executables and much more!

Private key private investigator

We find lots of private keys with TruffleHog. So we continuously index over 12,000,000,000 public keys from Certificate Transparency and GitHub SSH to immediately know which private keys are sensitive. We call this technology Driftwood and it’s Open Source and integrated with TruffleHog.

Yours or ours

TruffleHog can be run on-premises or from our secure isolated cloud instances. This makes TruffleHog a great option for scanning on your internal network.

Automatic evolution

New updates to TruffleHog are automatically pushed to your instance to ensure that new integrations, supported secrets, remediation workflows, and patches are added as they become available.

Shifting left

TruffleHog’s remediation workflows shift the responsibility of rotating each key to the person that leaked it. For example, TruffleHog can auto-file and assign jira tickets to the leaker or Create Slack channels to remind and verify leak remediation automatically.

Thorough historian

Most source code and document history are buried in the past. We scan all current and previous versions, attachments, artifacts, comments, and logs of our integrations to ensure a deep analysis is performed.

Ever vigilant

An AWS credential posted publicly on GitHub is compromised in minutes, often leading to crypto mining, ransomware, or worse in your cloud environment. Truffle Security monitors your public and private data sources in real time to enable you to take action when it matters most.

Secrets deflectors

TruffleHog’s pre-commit and pre-receive hooks for developers prevent the keys being leaked out in the first place. Also, our various CI/CD integrations provide additional assurances that prevent secret leaks before they reach production systems.

TruffleHog is a security tool, built by a security passionate community. Checkout everything we are doing to secure TruffleHog.

Take control of your secrets with TruffleHog. Contact us to get started on a free 7-day trial.

© 2022 Truffle Security. All Rights Reserved.