Skip to content
Recued
Menu
← Back to packs

TruffleHog Pack

by recued-core v1 app_pack

V3 local secret-discovery capability pack. By-value connector composition (service_kind=cli, no separate ingredient): one local trufflehog CLI ingredient exposes bounded operations for readiness, filesystem secret scans, and local Git-history secret scans. Filesystem scans accept one trusted file or directory and Git scans run from an explicit project directory cwd against file://.; both return JSONL findings. Fixed-function and reproducible at the invocation boundary: JSON output, no verification/API login checks, no update check, no GitHub/GitLab/cloud/container/CI/Elasticsearch/Jenkins/Postman sources, no caller-supplied config, no custom verifier endpoints, no detector include/exclude lists, no archive expansion, no output-file write, no stdin, no arbitrary flags, and no shell wrapper. Findings use TruffleHog's --fail exit code and are represented as successful JSONL output; real scan errors still fail. Requires trufflehog on PATH. Local and no-egress when used with --no-verification and --no-update.

What this pack installs

  • trufflehog Ingredient

Trust & control

What installing this whole pack would let it do. Recued grants these permissions at install — review them there before approving.

Where it runs

Server only Runs on your server.

What it's allowed to do

Read Local CLI trufflehog read-only
Read: trufflehog.version · No approvalRead: security.scan_secrets · No approvalRead: security.scan_git_history_secrets · No approval

Data it touches

SurfacesLocal CLI

About

Tags

pack:trufflehogtrufflehogclisecuritysecretssecret-discoverygit-historyrepositoryjsonldeveloper-toolsdeterministiclocal-servicev3composition