macOS
brew install trufflehoglocal Homebrew formula metadata
sudo port install trufflehogMacPorts ports tree · security/trufflehog/Portfile · source: api.github.com
brew
Find and verify credentials. Version 3.95.8 via Homebrew; verified 2026-07-03.
install
brew install trufflehoglocal Homebrew formula metadata
sudo port install trufflehogMacPorts ports tree · security/trufflehog/Portfile · source: api.github.com
nix profile install nixpkgs#trufflehognixpkgs package indexes · pkgs/by-name/tr/trufflehog/package.nix · source: api.github.com
sudo zypper install trufflehogopenSUSE Tumbleweed package metadata · trufflehog · source: download.opensuse.org
choco install trufflehogChocolatey community package catalog · trufflehog · source: community.chocolatey.org
scoop install main/trufflehogScoop official bucket manifest trees · bucket/trufflehog.json · source: api.github.com
overview
Find and verify credentials
history
TruffleHog is an open-source secrets scanner for finding, classifying, verifying, and analyzing leaked credentials across Git repositories and many other sources.
The original TruffleHog was written to detect API keys, passwords, and secrets committed to Git. In April 2022, Truffle Security introduced TruffleHog v3 as a major rewrite focused on speed, broader detector coverage, and automatic validation for supported secrets.
The v3 announcement positioned verification as the central change: instead of only matching strings, the scanner can call provider APIs to determine whether a discovered secret is live. The project also moved toward a larger open detector ecosystem, with hundreds of supported key types and contribution paths for new detectors.
The current README describes TruffleHog as a discovery, classification, validation, and analysis tool that scans Git, chats, wikis, logs, API-testing platforms, object stores, filesystems, and more. It also documents enterprise monitoring as a commercial layer while keeping the core scanner open source.
TruffleHog spread because secret leakage is a concrete, recurring operational problem: a key committed once may remain in Git history even after later commits remove it. Truffle Security's GitHub Actions guide shows the tool used in CI to scan pull requests and pushes before leaks move farther into deployment pipelines.
The tool's package-manager footprint is broad: Homebrew, Docker images, binary releases, install scripts, and distro packages all make it easy to drop into local audits, CI jobs, pre-commit workflows, and incident response scripts.
Common CLI usage includes scanning a remote Git repository, a GitHub organization, a local Git repository, S3 or GCS buckets, Docker images, filesystems, Jira, Slack, and other collaboration surfaces. Security teams often run it with verified-only results to prioritize active credentials.
For package nerds, TruffleHog is a canonical 'install this before you publish or rotate credentials' tool: it is easy to add to a shell, CI workflow, or one-off audit and it returns structured JSON when automation needs to consume findings.
TruffleHog matters because it turned secrets scanning into a normal CLI/package-manager concern. The same binary can be used interactively with Homebrew, containerized through Docker, or pinned in CI, which fits how security tooling actually lands in developer environments.
Its distinction from simple grep-like scanners is verification. Package users care because reducing false positives changes the economics of adopting a scanner in every repository.
security posture
No matching local secret-handling manifest was found for trufflehog. Nucleus package metadata is still published here so future coverage has a stable package URL.
Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.
executables
| Command | Kind | Exposure | Note |
|---|---|---|---|
trufflehog | cli | global executable |
freshness
These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.
https://github.com/trufflesecurity/trufflehog
install metadata
| Package key | brew:trufflehog |
|---|---|
| Version | 3.95.8 |
| Package manager | Homebrew |
| Package manager page | https://formulae.brew.sh/formula/trufflehog |
| Homepage | https://trufflesecurity.com/ |
| Repository | https://github.com/trufflesecurity/trufflehog |
| Upstream docs | https://github.com/trufflesecurity/trufflehog#readme |
| License | AGPL-3.0-only |
| Source archive | https://github.com/trufflesecurity/trufflehog/archive/refs/tags/v3.95.8.tar.gz |
| Last updated | 2026-07-03T00:12:26Z |
| Pulse | updated |
| Build dependencies | go |
| Bottle | available (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux) |
| Homebrew post-install | not defined |
| Service | none declared |
registry facts
| Source Database | Homebrew formula API |
|---|---|
| Tap | homebrew/core |
| Full Name | trufflehog |
| Version Scheme | 0 |
| Revision | 0 |
| Head Version | HEAD |
| Bottle Stable Root URL | https://ghcr.io/v2/homebrew/core |
| Deprecated | no |
| Disabled | no |
| Keg Only | no |
| URL Keys |
|
source database matches
Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.
trufflehog
nix profile install nixpkgs#trufflehogtrufflehog 3.95.4-1.1
CLI tool to find exposed secrets in source and archives
https://github.com/trufflesecurity/trufflehog
sudo zypper install trufflehogtrufflehog
sudo port install trufflehogtrufflehog
choco install trufflehogmain/trufflehog
scoop install main/trufflehogsource trail
This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.
View the package source record on GitHub.