detecting-aws-credential-exposure-with-trufflehog

Detecting exposed AWS credentials in source code repositories, CI/CD pipelines, and configuration files using TruffleHog, git-secrets, and AWS-native detection mechanisms to prevent credential theft and unauthorized account access.

Category: DevOps & Infrastructure | 13,115 stars | 1,533 forks | Updated today | License: Apache-2.0

Quality Score: 99/100

| Criterion     | Weight | Score |
|---------------|--------|-------|
| Stars         | 20%    | 100   |
| Recency       | 20%    | 100   |
| Frontmatter   | 20%    | 70    |
| Documentation | 15%    | 100   |
| Issue Health  | 10%    | 50    |
| License       | 10%    | 100   |
| Description   | 5%     | 100   |

Skill Content

# Detecting AWS Credential Exposure with TruffleHog

## When to Use

- When integrating secrets detection into CI/CD pipelines to prevent committed credentials from reaching production
- When performing a security audit of existing repositories for historically committed AWS credentials
- When responding to an AWS GuardDuty alert about credential usage from an unexpected IP or region
- When onboarding repositories from acquired companies or third-party vendors
- When validating that credential rotation processes have removed all references to old access keys

**Do not use** for real-time credential monitoring (use AWS GuardDuty or Amazon Macie), for managing secrets (use AWS Secrets Manager or HashiCorp Vault), or for detecting non-credential sensitive data such as PII (use Amazon Macie or DLP tools).

## Prerequisites

- TruffleHog v3 installed (`brew install trufflehog` or `pip install trufflehog`)
- git-secrets installed for pre-commit hook integration (`brew install git-secrets`)
- Access to source code repositories (GitHub, GitLab, Bitbucket, or local git repos)
- AWS CLI configured with permissions to check key status (`iam:ListAccessKeys`, `iam:GetAccessKeyLastUsed`)
- GitHub or GitLab API token for scanning organization-wide repositories

## Workflow

### Step 1: Install and Configure TruffleHog

Install TruffleHog v3 and verify that it can detect the AWS credential patterns.

```bash
# Install TruffleHog v3
pip install trufflehog

# Or install from binary release
curl -sSfL https://...
```

Details

- Author: mukul975
- Repository: mukul975/Anthropic-Cybersecurity-Skills
- Created: 3 months ago
- Last Updated: today
- Language: Python
- License: Apache-2.0

Similar Skills

Semantically similar based on skill content — not just same category.

- secret-detection (AI & Automation, Solid; 15 stars; updated today; by sawrus): Detect secrets in code, git history, and running containers — pre-commit hooks, CI scanning, and incident response for exposed credentials.
- implementing-secrets-scanning-in-ci-cd (DevOps & Infrastructure, Featured; 13,115 stars; updated today; by mukul975): Integrate gitleaks and trufflehog into CI/CD pipelines to detect leaked secrets before deployment.
- detecting-compromised-cloud-credentials (DevOps & Infrastructure, Featured; 13,115 stars; updated today; by mukul975): Detecting compromised cloud credentials across AWS, Azure, and GCP by analyzing anomalous API activity, impossible travel patterns, unauthorized resource provisioning, and credential abuse indicators using GuardDuty, Defender for Identity, and SCC Event Threat Detection.
- secret-detection-scanner (AI & Automation, Solid; 1,160 stars; updated today; by a5c-ai): Detect secrets, credentials, and sensitive data in code and configurations. Scan git history for secrets, detect API keys, tokens, and passwords, check environment files, monitor CI/CD logs for exposure, generate remediation steps, and track secret rotation status.
- detecting-cloud-threats-with-guardduty (DevOps & Infrastructure, Featured; 13,115 stars; updated today; by mukul975): This skill teaches security teams how to deploy and operationalize Amazon GuardDuty for continuous threat detection across AWS accounts and workloads. It covers enabling protection plans for S3, EKS, EC2 runtime monitoring, and Lambda, interpreting finding severity levels, and building automated response workflows using EventBridge and Lambda.