Setting up engine configuration

  1. To start working with the Secrets module, you must first create a VCS or CLI project in the Settings -> Projects section.

  2. After creating the project, you must set the secrets engine configuration in the Settings -> Secrets section by opening the form using the Setup new button.

  3. In the configuration form, specify a name, select an engine for searching for secrets in the code, and provide its standard configuration. The configuration will be passed to the selected engine during scanning.

In the Verification tool field, you can select one of the supported engines:

  • Gitleaks 8.27.0;
  • TruffleHog 3.93.8.

Example configuration for Gitleaks:

title = "Gitleaks title"

[extend]
useDefault = true

Engine configuration example

More details on configuring the Gitleaks engine can be found in the tool documentation.

Example configuration for TruffleHog:

detectors:
  - name: generic-api-key
    keywords:
      - key
      - api
      - token
      - secret
      - client
      - passwd
      - password
      - auth
      - access
    regex:
      # generic-api-key regular expression from Gitleaks
      generic-api-key: "(?i)(?:key|api|token|secret|client|passwd|password|auth|access)(?:[0-9a-z\\-_\\t .]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\"|\\s|=|\\x60){0,5}([0-9a-z\\-_.=]{10,150})(?:['|\"|\\n|\\r|\\s|\\x60|;]|$)"

More details on configuring the TruffleHog engine can be found in the tool documentation.
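
To see what the generic-api-key detector above reports and misses before saving the configuration, the following added example (not part of the product or of TruffleHog) runs the same keywords and regular expression over constructed sample lines. It assumes Python's re module behaves like TruffleHog's regex engine for this pattern and applies the keyword filter per line; scan and SAMPLE are hypothetical names.

```python
import re

# Keywords and regex taken from the TruffleHog example above, with the YAML
# double-quote escaping undone (\\ -> \ and \" -> ").
KEYWORDS = ["key", "api", "token", "secret", "client", "passwd",
            "password", "auth", "access"]
GENERIC_API_KEY = re.compile(
    r"""(?i)(?:key|api|token|secret|client|passwd|password|auth|access)"""
    r"""(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}"""
    r"""(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|"|\s|=|\x60){0,5}"""
    r"""([0-9a-z\-_.=]{10,150})(?:['|"|\n|\r|\s|\x60|;]|$)"""
)

# Constructed sample input, not real credentials.
SAMPLE = '''\
api_key = "f3a9c1d27b8e4a60915c"
password: hunter2
client_name = my-frontend-app
# see README for details
db_secret='zz91kq0aa7ppl2mmx4'
'''


def scan(text):
    """Return (line_number, captured_value) for every match of the detector."""
    findings = []
    for number, line in enumerate(text.splitlines(), 1):
        lowered = line.lower()
        # Keyword pre-filter, applied per line here as a simplification.
        if not any(keyword in lowered for keyword in KEYWORDS):
            continue
        for match in GENERIC_API_KEY.finditer(line):
            findings.append((number, match.group(1)))
    return findings


if __name__ == "__main__":
    # Line 2 is missed (value shorter than 10 characters) and line 3 is a
    # false positive (an ordinary setting whose name contains "client").
    for number, value in scan(SAMPLE):
        print(f"line {number}: {value}")
```

The missed short password and the flagged client_name setting show why this broad pattern is usually paired with more specific detectors and reviewed findings.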

Setting up default engine configuration

To set the default configuration, click the Use by default button in the configuration settings.

Set default engine configuration example

Editing the default configuration

You cannot set more than one default configuration, nor can you delete a configuration that is set as default.

To use the default configuration for a project, check the Use default flag in the Secrets section of the project settings. The configuration currently used by default will be shown in parentheses.

Set default engine configuration in project example

Changing default configuration

When setting a new default configuration, all projects with the Use default flag selected will use the new configuration.

Configuring the secrets engine for a new project

When creating a new project, a default engine configuration is automatically set. This configuration can be changed in the project settings in the Secrets section.
