> ## Documentation Index
> Fetch the complete documentation index at: https://docs.semgrep.dev/llms.txt
> Use this file to discover all available pages before exploring further.

# List secrets



## OpenAPI

````yaml /public_v1.openapi.yaml get /api/v1/deployments/{deploymentId}/secrets
openapi: 3.0.3
info:
  description: >

    Welcome to Semgrep's portal for the Semgrep AppSec Platform web API.


    # Introduction

    Semgrep is a fast, open-source, static analysis tool for finding bugs and
    enforcing code standards at editor,

    commit, and CI time. [Get
    started.](https://semgrep.dev/docs/getting-started/)


    This API is documented in the **OpenAPI format**.


    # Authentication

    The API supports authentication with an API token with the "Web API"
    permission, without limited

    scopes of access.


    You can provision an API token [from the Settings
    page](https://semgrep.dev/orgs/-/settings/tokens).


    # Terms of Use


    Please note, the materials made available herein are subject to the

    [Semgrep Terms of Use](https://semgrep.dev/resources/website-terms/), and
    your

    access or use of any of the same is your acknowledgment and acceptance of
    the

    such terms.


    <br>


    ___
  title: Semgrep Web App
  version: 1.0.0
servers: []
security: []
tags:
  - description: >-
      Deployments encapsulate your organization's security organization, with
      multiple projects, policies, and integrations. As the root object of the
      organization, they're similarly the root object of the API.
    name: DeploymentsService
    x-displayName: Deployment
    x-group: Deployment
  - description: >-
      Manage and retrieve code, supply chain, and AI-powered scan findings from
      Semgrep scans
    name: FindingsService
    x-displayName: Code, Supply Chain, and AI-Powered Scan
    x-group: Code, Supply Chain, and AI-Powered Scan
  - description: Utility endpoints.
    name: MiscService
    x-displayName: Other
    x-group: Other
  - description: >-
      View and manage the Policies of your organization.


      Deployments on the Unified Policies model use the [Policies V2
      API](/api/v2/docs/#tag/PoliciesV2Service) instead; this service stops
      working after the migration.
    name: PoliciesService
    x-displayName: Policies
    x-group: Policies
  - name: ProjectsService
    x-displayName: Projects
    x-group: Projects
  - description: View details of scans associated with projects in your organization.
    name: ScansService
    x-displayName: Scans
    x-group: Scans
  - description: View and manage the Secrets of your organization.
    name: SecretsService
    x-displayName: Secrets
    x-group: Secrets
  - description: |-
      Manage the Supply Chain findings and dependencies of your organization.

      A request body is required, but may be an empty object.
    name: SupplyChainService
    x-displayName: Supply Chain
    x-group: Supply Chain
  - description: Create and manage external tickets
    name: TicketingService
    x-displayName: Ticketing
    x-group: Ticketing
  - description: View and manage the triage of your organization.
    name: TriageService
    x-displayName: Triage
    x-group: Triage
paths:
  /api/v1/deployments/{deploymentId}/secrets:
    get:
      tags:
        - SecretsService
      summary: List secrets
      operationId: SecretsService_ListSecretsPath
      parameters:
        - in: path
          name: deploymentId
          required: true
          schema:
            description: >-
              Deployment ID (numeric). Example: `123`. Can be found at
              `/deployments`, or in your Settings in the web UI.
            example: 123
            format: int64
            type: string
        - in: query
          name: cursor
          schema:
            description: >-
              Cursor to paginate through the rules. Provide a cursor value from
              the response to retrieve the next page.
            type: string
        - in: query
          name: limit
          schema:
            description: Page size to paginate through the results.
            format: int64
            type: integer
        - in: query
          name: since
          schema:
            format: date-time
            type: string
        - in: query
          name: validationState
          schema:
            description: >-
              Whether the finding was validated or not.

               - VALIDATION_STATE_UNSPECIFIED: Return results for all validation states (can also omit this parameter).
              - VALIDATION_STATE_CONFIRMED_VALID: Secret has been tested and is
              confirmed valid.
               - VALIDATION_STATE_CONFIRMED_INVALID: Secret has been tested and is confirmed invalid.
               - VALIDATION_STATE_VALIDATION_ERROR: Secret test was attempted and there was an error.
               - VALIDATION_STATE_NO_VALIDATOR: There is no validator for this secret.
            format: string
            items:
              enum:
                - VALIDATION_STATE_UNSPECIFIED
                - VALIDATION_STATE_CONFIRMED_VALID
                - VALIDATION_STATE_CONFIRMED_INVALID
                - VALIDATION_STATE_VALIDATION_ERROR
                - VALIDATION_STATE_NO_VALIDATOR
              format: enum
              type: string
            type: array
        - in: query
          name: status
          schema:
            default: FINDING_STATUS_UNSPECIFIED
            description: |-
              Status of the finding.

               - FINDING_STATUS_UNSPECIFIED: Return results for all finding statuses (if used as a parameter).
               - FINDING_STATUS_OPEN: Finding is open and needs to be triaged
               - FINDING_STATUS_IGNORED: Finding has been triaged and is being ignored
               - FINDING_STATUS_FIXED: Finding has been fixed
               - FINDING_STATUS_REMOVED: Finding has been removed
               - FINDING_STATUS_UNKNOWN: Finding status is unknown
            enum:
              - FINDING_STATUS_UNSPECIFIED
              - FINDING_STATUS_OPEN
              - FINDING_STATUS_IGNORED
              - FINDING_STATUS_FIXED
              - FINDING_STATUS_REMOVED
              - FINDING_STATUS_UNKNOWN
              - FINDING_STATUS_PROVISIONALLY_IGNORED
            format: enum
            type: string
        - in: query
          name: severity
          schema:
            description: |-
              Severity of the finding.

               - SEVERITY_UNSPECIFIED: Return results for all severities (if used as a parameter).
            format: string
            items:
              enum:
                - SEVERITY_UNSPECIFIED
                - SEVERITY_HIGH
                - SEVERITY_MEDIUM
                - SEVERITY_LOW
                - SEVERITY_CRITICAL
              format: enum
              type: string
            type: array
        - in: query
          name: repo
          schema:
            description: Repositories to view results for. If not specified, returns all.
            format: string
            items:
              type: string
            type: array
      responses:
        '200':
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/protos.openapi.v1.ListSecretsPathResponse'
          description: OK
      security:
        - SemgrepWebToken: []
components:
  schemas:
    protos.openapi.v1.ListSecretsPathResponse:
      properties:
        cursor:
          description: Cursor to paginate through the results.
          type: string
        findings:
          description: List of Secrets associated with the given Deployment.
          example:
            cursor: Pm0ROjIwMjQtMDItMDYgMjA6MDQ6NDguMEDzNzk2fmk6NYTM2zUxOTI=
            findings:
              - confidence: CONFIDENCE_HIGH
                createdAt: '2024-06-17T17:23:01.901204Z'
                findingPath: src/ai.py:232
                findingPathUrl: >-
                  https://github.com/foo/bar/blob/6ad16b240d4b6ae5bd6e326dd71053c21344e311/src/ai.py#L232
                id: '691234'
                mode: MODE_MONITOR
                ref: refs/pull/148/merge
                refUrl: https://github.com/foo/bar/pull/148
                repository:
                  name: foo/bar
                  scmType: SCM_TYPE_GITHUB
                  url: https://github.com/foo/bar
                  visibility: REPOSITORY_VISIBILITY_PRIVATE
                reviewComments:
                  - externalDiscussionId: af0433345acfb74c8f9
                    externalNoteId: '5678'
                ruleHashId: lBU41LA
                severity: SEVERITY_HIGH
                status: FINDING_STATUS_FIXED
                type: OpenAI
                updatedAt: '2024-06-20T17:33:00.669343Z'
                validationState: VALIDATION_STATE_CONFIRMED_VALID
              - confidence: CONFIDENCE_MEDIUM
                createdAt: '2024-06-08T11:01:23.380293Z'
                findingPath: config.yaml:801
                findingPathUrl: >-
                  https://github.com/foo/baz/blob/e2b6d5ca75d830e10f5f617481a66a981bd093c0/config.yaml#L801
                id: '6881234'
                mode: MODE_COMMENT
                ref: develop
                refUrl: https://github.com/foo/baz/tree/develop
                repository:
                  name: foo/baz
                  scmType: SCM_TYPE_GITHUB
                  url: https://github.com/foo/baz
                  visibility: REPOSITORY_VISIBILITY_PRIVATE
                reviewComments:
                  - externalDiscussionId: af0476223423b74c8f9
                    externalNoteId: '6789'
                ruleHashId: pKUYdA
                severity: SEVERITY_HIGH
                status: FINDING_STATUS_IGNORED
                type: Heroku
                updatedAt: '2024-06-22T11:07:02.384500Z'
                validationState: VALIDATION_STATE_CONFIRMED_INVALID
          items:
            $ref: '#/components/schemas/protos.secrets.v1.SecretsFinding'
          type: array
        previous:
          description: Cursor to paginate backwards through the results.
          type: string
      type: object
    protos.secrets.v1.SecretsFinding:
      description: A Finding represents a single secret finding.
      properties:
        autotriage:
          allOf:
            - $ref: '#/components/schemas/protos.ai.v1.Autotriage'
          description: |-
            * Autotriage info for the finding.
             This is used for the Generic Secrets Detection project, for
             autotriaging secrets findings with LLMs
        confidence:
          description: |+
            Confidence of the finding.

            | value | description |
            |-------|---------------|
            | CONFIDENCE_HIGH |  |
            | CONFIDENCE_MEDIUM |  |
            | CONFIDENCE_LOW |  |

          enum:
            - CONFIDENCE_HIGH
            - CONFIDENCE_MEDIUM
            - CONFIDENCE_LOW
          format: enum
          type: string
        createdAt:
          description: Creation timestamp.
          format: date-time
          type: string
        externalTicket:
          allOf:
            - $ref: '#/components/schemas/protos.ticketing.v1.ExternalTicket'
          description: The external ticket reference
        findingPath:
          description: File path where the finding was detected.
          type: string
        findingPathUrl:
          description: URL to the file where the finding was detected.
          type: string
        historicalInfo:
          allOf:
            - $ref: '#/components/schemas/protos.secrets.v1.HistoricalInfo'
          description: Historical scanning info for the finding.
        id:
          description: ID of the finding.
          type: string
        mode:
          description: >+
            The behavior of the finding reporting: Monitor / Comment / Block.


            | value | description |

            |-------|---------------|

            | MODE_MONITOR | Monitor mode, silently report findings |

            | MODE_COMMENT | Comment mode, leaves PR comments but does not block
            |

            | MODE_BLOCK | Block mode, leaves PR comments and blocks PR |

            | MODE_DISABLED | Disabled mode, not active |

          enum:
            - MODE_MONITOR
            - MODE_COMMENT
            - MODE_BLOCK
            - MODE_DISABLED
          format: enum
          type: string
        ref:
          description: Branch where the finding was detected.
          type: string
        refUrl:
          description: URL to the branch where the finding was detected.
          type: string
        repository:
          allOf:
            - $ref: '#/components/schemas/protos.secrets.v1.SecretsFinding_Repository'
          description: Repository where the finding was detected.
        reviewComments:
          description: >-
            List of external review comment information associated with a
            finding
          items:
            $ref: '#/components/schemas/protos.common.v1.ReviewComment'
          type: array
        ruleHashId:
          description: ID of the rule that triggered the finding.
          type: string
        severity:
          description: |+
            Severity of the finding.

            | value | description |
            |-------|---------------|
            | SEVERITY_HIGH |  |
            | SEVERITY_MEDIUM |  |
            | SEVERITY_LOW |  |
            | SEVERITY_CRITICAL |  |

          enum:
            - SEVERITY_HIGH
            - SEVERITY_MEDIUM
            - SEVERITY_LOW
            - SEVERITY_CRITICAL
          format: enum
          type: string
        status:
          description: |+
            Status of the finding.

            | value | description |
            |-------|---------------|
            | FINDING_STATUS_OPEN |  |
            | FINDING_STATUS_IGNORED |  |
            | FINDING_STATUS_FIXED |  |
            | FINDING_STATUS_REMOVED |  |
            | FINDING_STATUS_UNKNOWN |  |
            | FINDING_STATUS_PROVISIONALLY_IGNORED |  |

          enum:
            - FINDING_STATUS_OPEN
            - FINDING_STATUS_IGNORED
            - FINDING_STATUS_FIXED
            - FINDING_STATUS_REMOVED
            - FINDING_STATUS_UNKNOWN
            - FINDING_STATUS_PROVISIONALLY_IGNORED
          format: enum
          type: string
        type:
          description: >-
            Service type for the secrets finding (e.g. AWS, GitHub, GitLab,
            etc).
          type: string
        updatedAt:
          description: Update timestamp.
          format: date-time
          type: string
        validationState:
          description: |+
            Whether the finding was validated or not.

            | value | description |
            |-------|---------------|
            | VALIDATION_STATE_CONFIRMED_VALID |  |
            | VALIDATION_STATE_CONFIRMED_INVALID |  |
            | VALIDATION_STATE_VALIDATION_ERROR |  |
            | VALIDATION_STATE_NO_VALIDATOR |  |

          enum:
            - VALIDATION_STATE_CONFIRMED_VALID
            - VALIDATION_STATE_CONFIRMED_INVALID
            - VALIDATION_STATE_VALIDATION_ERROR
            - VALIDATION_STATE_NO_VALIDATOR
          format: enum
          type: string
      type: object
    protos.ai.v1.Autotriage:
      properties:
        feedback:
          $ref: '#/components/schemas/protos.ai.v1.AutotriageFeedback'
        id:
          type: string
        issueId:
          type: string
        matchBasedId:
          type: string
        memoryIdsReferenced:
          items:
            type: string
          type: array
        memoryIdsRendered:
          items:
            type: string
          type: array
        reason:
          description: >-
            The reasoning for a false positive verdict, explaining why you might
            want to ignore the finding. Empty string if verdict is true
            positive.
          type: string
        verdict:
          description: |+

            | value | description |
            |-------|---------------|
            | VERDICT_TRUE_POSITIVE |  |
            | VERDICT_FALSE_POSITIVE |  |
            | VERDICT_NO_VERDICT |  |

          enum:
            - VERDICT_TRUE_POSITIVE
            - VERDICT_FALSE_POSITIVE
            - VERDICT_NO_VERDICT
          format: enum
          type: string
      type: object
    protos.ticketing.v1.ExternalTicket:
      properties:
        externalSlug:
          description: >-
            Identifier of the external ticket (e.g. for Jira, something like
            OPS-158).
          type: string
        id:
          description: Nango ticket id
          type: string
        linkedIssueIds:
          description: Semgrep issue ids that are linked to this external ticket
          items:
            type: string
          type: array
        url:
          description: URL of the external ticket.
          type: string
      type: object
    protos.secrets.v1.HistoricalInfo:
      properties:
        gitBlob:
          description: >-
            Git blob at which the finding is present. Sent in addition to the
            commit
             since some SCMs have permalinks which use the blob sha, so this information
             is useful when generating links back to the SCM.
          type: string
        gitCommit:
          description: >-
            Git commit at which the finding is present. Used by "historical"
            scans,
             which scan non-HEAD commits in the git history. Relevant for finding, e.g.,
             secrets which are buried in the git history which we wouldn't find at HEAD
          type: string
        gitCommitTimestamp:
          format: date-time
          type: string
      type: object
    protos.secrets.v1.SecretsFinding_Repository:
      description: Repository where the finding was detected.
      properties:
        name:
          description: Repository name
          type: string
        scmType:
          description: |+
            Provider for the finding (e.g. GitHub, GitLab, GHE, etc).

            | value | description |
            |-------|---------------|
            | SCM_TYPE_GITHUB | GitHub Cloud |
            | SCM_TYPE_GITHUB_ENTERPRISE | GitHub Enterprise |
            | SCM_TYPE_GITLAB | GitLab Cloud |
            | SCM_TYPE_GITLAB_SELFMANAGED | GitLab Self-Managed |
            | SCM_TYPE_BITBUCKET | Bitbucket Cloud |
            | SCM_TYPE_BITBUCKET_DATACENTER | Bitbucket Data Center |
            | SCM_TYPE_AZURE_DEVOPS | Azure DevOps |
            | SCM_TYPE_UNKNOWN |  |
            | SCM_TYPE_HARNESS | Harness |

          enum:
            - SCM_TYPE_GITHUB
            - SCM_TYPE_GITHUB_ENTERPRISE
            - SCM_TYPE_GITLAB
            - SCM_TYPE_GITLAB_SELFMANAGED
            - SCM_TYPE_BITBUCKET
            - SCM_TYPE_BITBUCKET_DATACENTER
            - SCM_TYPE_AZURE_DEVOPS
            - SCM_TYPE_UNKNOWN
            - SCM_TYPE_HARNESS
          format: enum
          type: string
        url:
          description: URL to the repository where the finding was detected.
          type: string
        visibility:
          description: |+
            Repository visbility (e.g. public, private, unknown).

            | value | description |
            |-------|---------------|
            | REPOSITORY_VISIBILITY_PUBLIC |  |
            | REPOSITORY_VISIBILITY_PRIVATE |  |
            | REPOSITORY_VISIBILITY_UNKNOWN |  |

          enum:
            - REPOSITORY_VISIBILITY_PUBLIC
            - REPOSITORY_VISIBILITY_PRIVATE
            - REPOSITORY_VISIBILITY_UNKNOWN
          format: enum
          type: string
      type: object
    protos.common.v1.ReviewComment:
      properties:
        externalDiscussionId:
          description: External ID of the review comment or discussion thread.
          type: string
        externalNoteId:
          description: >-
            External ID of the specific note in the review comment discussion
            thread. Only applicable for GitLab.com, GitLab Self-Managed and
            Azure DevOps.
          type: string
      type: object
    protos.ai.v1.AutotriageFeedback:
      properties:
        autotriageId:
          type: string
        note:
          type: string
        rating:
          description: |+

            | value | description |
            |-------|---------------|
            | RATING_GOOD | Autotriage rated positively by a user. |
            | RATING_BAD | Autotriage rated negatively by a user. |

          enum:
            - RATING_GOOD
            - RATING_BAD
          format: enum
          type: string
      type: object
  securitySchemes:
    SemgrepWebToken:
      bearerFormat: string
      description: >-
        Get access to data with your API token. Example header:


        `Authorization: Bearer
        2991e2fb4b540fe75b8f90677b0b892b6314e4961cb001fe6eb452eee248a628`


        The token can be provisioned from the Tokens section in your Settings,
        and requires explicitly enabling `Web API` access.
      scheme: bearer
      type: http

````