SailPoint Entro API Secret Scanner
SailPoint Entro provides an API endpoint that can function locally or within a CI environment to prevent the exposure of secrets during your organization's internal processes, jobs, and code merge checks
Getting started
SailPoint Entro offers the ability to scan for secret exposures on-demand via a REST API. Integrate it into your organization's automated processes to prevent secret leaks. You can implement this as a CI/CD job or a pre-commit hook. Stay ahead of potential leaks by using the API as a preventative measure.
Step 1: Authorization
Generate an API Key using Entro App
-
Log In to Entro App: Open the Entro App and sign in with your credentials.
-
Navigate to API Key Section: Once logged in, go to the settings menu and select "API Keys."
-
Create a New API Key for Admin or Scanner only: Click on "Generate New Key" and provide the required information.

-
Save Your Key: Once generated, make sure to securely save your API key
Step 2: Testing, Execution
Review and test SailPoint Entro Scanner API by trying our Swagger API documentation /v2/scan

-
You may use the following parameters:
-
generic (boolean) - scan for generic secret types
-
redact (boolean) - redact secret value from API response
-
Example requests:
curl -X 'POST' \
'https://vendor-api.entro.security/v2/scan' \
-H 'accept: application/json' \
-H 'Authorization: ENTRO-API-KEY'\
-H 'Content-Type: application/json' \
-d '{
"data": "DATA-TO-BE-SCANNED"
}'
# API call with params:
curl -X 'POST' \
'https://vendor-api.entro.security/v2/scan?generic=true&redact=true' \
-H 'accept: application/json' \
-H 'Authorization: ENTRO-API-KEY'\
-H 'Content-Type: application/json' \
-d '{
"data": "DATA-TO-BE-SCANNED"
}'
Response:
{
"requestId": "3114cc09-fd56-42ec-9287-1fddbf0de238",
"results": {
"request_id": "3114cc09-fd56-42ec-9287-1fddbf0de238",
"secrets": [
{
"secret_type": "GITHUB_API_TOKEN",
"exposed_value": "ghp_BTqLYdZxZZt40ad*******CiUiw1R82UC7vz",
"line_number": 1
}
]
}
}
SailPoint Entro API Response will include the following fields per finding:
-
Secret type
-
Secret value
-
Line number
Current limitations - MVP
-
Validation is missing for this version
-
input size is limit to 2.5MB