Unearth your secrets

TruffleHog™ is an open-source secret scanning engine that detects and helps resolve exposed secrets across your entire tech stack.

Trusted by dev and security teams at some of the most innovative companies

Millions of leaked secrets

Millions of secrets, including API keys, passwords, and tokens, frequently leak from sources like source code, chat systems, support tickets, and more, underscoring the need for robust secret leak detection.

TruffleHog digs deep

TruffleHog scans for sensitive credentials beyond the source code, including hidden content, deleted code, and version history from commonly used tools across your company.

Secrets Detection

TruffleHog sniffs out secrets everywhere: even the nooks and crannies of your GitHub comments and pull requests. TruffleHog supports the most complete list of integrations to scan across your entire SDLC.

Secrets Verification

TruffleHog’s open-source engine scans 800+ credential types, directly verified with key providers for unmatched scan accuracy.

Continuous Monitoring

TruffleHog continuously tracks the status of all key types to identify whether remediation has occurred. Set up alerts across the platform of your choosing and include customized messages for developers to rotate and secure keys.

Shift Left

With TruffleHog, security teams can make it easier for developers to revoke leaked secrets by providing them with an automatic process.

Over 50K daily runs by developers and security teams

TruffleHog is a widely used open-source security project with over 50,000 daily runs by developers and security teams. It has over 14 million downloads and 13,000 GitHub stars, making it a go-to tool for leading organizations across the globe.


Cmd eliminates secrets injected into codebase

"We knew that there was a ton of exposure that was possible through the software that we were building. Secrets being injected into our codebase were inevitably going to happen. We had a ton of developers building a lot of software and we were moving super super fast. When you move fast, mistakes happen."

Jake King, Co-founder & Chief Security Officer, Cmd

Find out how Cmd was able to elevate its security posture by automating secrets detection with TruffleHog.
