Skip to content

SailPoint Entro API Secret Scanner

SailPoint Entro provides an API endpoint that can function locally or within a CI environment to prevent the exposure of secrets during your organization's internal processes, jobs, and code merge checks

Getting started

SailPoint Entro offers the ability to scan for secret exposures on-demand via a REST API. Integrate it into your organization's automated processes to prevent secret leaks. You can implement this as a CI/CD job or a pre-commit hook. Stay ahead of potential leaks by using the API as a preventative measure.

Step 1: Authorization

Generate an API Key using Entro App

  1. Log In to Entro App: Open the Entro App and sign in with your credentials.

  2. Navigate to API Key Section: Once logged in, go to the settings menu and select "API Keys."

  3. Create a New API Key for Admin or Scanner only: Click on "Generate New Key" and provide the required information.

  4. Save Your Key: Once generated, make sure to securely save your API key

Step 2: Testing, Execution

Review and test SailPoint Entro Scanner API by trying our Swagger API documentation /v2/scan

  • You may use the following parameters:

    • generic (boolean) - scan for generic secret types

    • redact (boolean) - redact secret value from API response

Example requests:

curl -X 'POST' \
  'https://vendor-api.entro.security/v2/scan' \
  -H 'accept: application/json' \
  -H 'Authorization: ENTRO-API-KEY'\
  -H 'Content-Type: application/json' \
  -d '{
  "data": "DATA-TO-BE-SCANNED"
}'

# API call with params:
curl -X 'POST' \
  'https://vendor-api.entro.security/v2/scan?generic=true&redact=true' \
  -H 'accept: application/json' \
  -H 'Authorization: ENTRO-API-KEY'\
  -H 'Content-Type: application/json' \
  -d '{
  "data": "DATA-TO-BE-SCANNED"
}'

Response:

{
  "requestId": "3114cc09-fd56-42ec-9287-1fddbf0de238",
  "results": {
    "request_id": "3114cc09-fd56-42ec-9287-1fddbf0de238",
    "secrets": [
      {
        "secret_type": "GITHUB_API_TOKEN",
        "exposed_value": "ghp_BTqLYdZxZZt40ad*******CiUiw1R82UC7vz",
        "line_number": 1
      }
    ]
  }
}

SailPoint Entro API Response will include the following fields per finding:

  • Secret type

  • Secret value

  • Line number

Current limitations - MVP

  • Validation is missing for this version

  • input size is limit to 2.5MB