Manage and Activate Secret Detection
Secrets are sensitive credentials, such as API keys, passwords, and tokens, that are embedded in your code or configurations. Secret Detection is an integrated capability within Qualys TotalCloud that identifies such secrets wherever they are embedded within workloads. It prevents unauthorized access, data exposure, and compliance violations by automatically scanning for secret artifacts during Snapshot-Based Assessments.
By embedding secret discovery directly into vulnerability assessments, Secret Detection enhances your cloud security posture and helps maintain compliance with organizational and industry data protection standards.
Benefits of Secret Detection
- Automatically detects hardcoded secrets in application and system files.
- Prevents accidental exposure of credentials in code and configurations.
- Supports data protection and compliance frameworks.
- Improves workload hygiene by eliminating sensitive information from insecure locations.
Set Up Secret Detection with AWS Snapshot-Based Scan
You need an existing or new AWS connector to enable Secret Detection within an AMI or Snapshot-Based Scan.
- Create a new AWS connector or edit an existing one.
- Go to the Tags and Activation section and select the Enable Secret Detection option, which appears under the Enable Zero-touch Snapshot Based Scan checkbox.
- In the snapshot-based scan settings for service accounts, set the Secret Scan parameter to Enabled. For more information about service account configuration, see Snapshot-Based Scan.
Optional Configuration Parameters
- Define include directories to target specific locations, or leave the default to scan all directories.
- Use exclude directories to skip paths that do not contain sensitive data; a secret stored under an excluded path is not reported.
- Adjust the Secret Scan Timeout (default: 120 seconds) according to workload size, so that large workloads are fully scanned before the timeout is reached.
- View detected secrets under the Secrets Findings section in TotalCloud.
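To make the include directory, exclude directory and timeout parameters concrete, the following is an added illustration of how a snapshot secret scan can apply them. It is not Qualys code and the two detection rules are constructed stand-ins, not the TotalCloud rule set; the snapshot is modelled as an in-memory mapping of file paths to contents.

```python
import re
import time
from pathlib import PurePosixPath

# Constructed, illustrative rules (assumption: not the rules Qualys ships).
SECRET_RULES = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "generic_assignment": re.compile(
        r"(?i)\b(?:api[_-]?key|secret|token|password)\b\s*[:=]\s*['\"]?([A-Za-z0-9_\-]{16,})"),
}

def in_scope(path, include, exclude):
    """Exclude directories win over include directories; the default include is '/'."""
    p = PurePosixPath(path)
    if any(p.is_relative_to(d) for d in exclude):
        return False
    return any(p.is_relative_to(d) for d in include)

def redact(value):
    """Keep a short prefix so a finding is triageable without re-exposing the secret."""
    return value[:4] + "*" * (len(value) - 4)

def scan_snapshot(files, include=("/",), exclude=(), timeout_s=120):
    """Scan {path: text}. Reports whether the scan finished before the timeout,
    so an incomplete scan is never mistaken for a clean one."""
    deadline = time.monotonic() + timeout_s
    findings, scanned, skipped = [], 0, 0
    for path in sorted(files):
        if time.monotonic() >= deadline:
            return {"findings": findings, "completed": False, "scanned": scanned, "skipped": skipped}
        if not in_scope(path, include, exclude):
            skipped += 1
            continue
        scanned += 1
        for lineno, line in enumerate(files[path].splitlines(), 1):
            for rule, pattern in SECRET_RULES.items():
                m = pattern.search(line)
                if m:
                    secret = m.group(m.lastindex or 0)
                    findings.append({"path": path, "line": lineno, "rule": rule, "preview": redact(secret)})
    return {"findings": findings, "completed": True, "scanned": scanned, "skipped": skipped}

# Constructed snapshot contents; the AWS key is the documented example value, not a live credential.
SAMPLE_SNAPSHOT = {
    "/home/app/.env": "AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\nDEBUG=true\n",
    "/etc/app/config.yml": "db:\n  password: 'Sup3rS3cretPassw0rdValue'\n",
    "/var/log/app.log": "2024-01-01 INFO token=abcdefghijklmnopqrstuv refreshed\n",
    "/usr/share/doc/readme.txt": "Set API_KEY in your environment.\n",
}

if __name__ == "__main__":
    print(scan_snapshot(SAMPLE_SNAPSHOT, exclude=("/var/log",)))
```

Excluding /var/log hides the token in the log file, which is the trade-off the exclude parameter makes; a result with completed set to False should be treated as a signal to raise the timeout rather than as a clean scan.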
Secret Detection strengthens credential protection across workloads by automating secret discovery within snapshot scans. It minimizes the risk of secret exposure while maintaining operational performance.