TruffleHog
Uncovers exposed non-human identities and secrets, making remediation easier.

TruffleHog is an open-source and enterprise secrets detection tool that scans source code, version history, chat systems, and cloud services for leaked API keys, passwords, and credentials. It classifies over 800 secret types, validates whether they are still active, and provides detailed analysis of exposed identities. An enterprise tier adds continuous monitoring, dashboards, integrations, and role-based access control for security teams.
TruffleHog scans repositories, version histories, and integrated platforms to discover, classify, and validate leaked secrets, then surfaces findings through a dashboard or CLI for remediation.
Developers and security teams managing credential and secrets exposure risks
Background.
- Status
- launched
- Business model
- freemium
- Company
- Truffle Security Co.
Similar projects.
Editorial take on the space this project sits in — momentum signals, adjacent moves, our call on whether the wedge is real. Get pinged when we publish a new read or when the landscape shifts.
Have a take on this space?
Tell us what you’d build differently, where you think the incumbents miss, or what we’ve gotten wrong about this project. Comments + reactions are coming soon.