Skip to content

Exposed Secrets

The Exposed Secrets section allows administrators to configure how SailPoint Entro manages, validates, and automates the handling of discovered secrets across connected environments. These settings help reduce false positives, improve triage efficiency, and maintain a consistent, secure approach to secret detection.

Each configuration option updates automatically and applies to future scans and detections.

Excluded "Not-a-secret" Hashes

The Excluded "Not-a-secret" hashes table lists all secrets that have been explicitly marked as "Not a secret" in the Exposed Inventory.

This process helps reduce noise in the system by removing non-sensitive values that may resemble credentials but pose no actual risk.

Each excluded entry includes:

  • Hash: A unique identifier of the excluded secret.

  • Secret Snippet: A short, redacted preview for reference.

  • Exclusion Timestamp: The date and time when the secret was marked as "Not a secret".

  • Excluded By: Indicates who or what performed the exclusion.

Caution

Once a secret is added to the exclusion list, it will no longer appear in scans or trigger risk alerts unless the exclusion is manually removed.