ggshield honeytoken plant

Description

Detect endpoint intrusion by planting a honeytoken on this machine.

ggshield honeytoken plant [OPTIONS]

Deployed honeytokens are fully synchronized with the GitGuardian platform. The command applies the desired on-disk state: it writes or refreshes the decoy AWS credentials profile for write entries and removes it for delete (revoked) entries, preserving any other profiles. ggshield never revokes a honeytoken; it only reports placement status.

Authorize with the honeytokens:write scope.

Options

  • --type TEXT: Honeytoken type to plant.

    Default: aws.

  • --method [aws_credentials|aws_config_profile]: Placement method (steers creation of a new deployment only).

  • --filename TEXT: Override the on-disk basename for a new deployment (safe charset only).

  • --profile-name TEXT: Override the profile/section name for a new deployment.

  • --user TEXT: Target OS user (defaults to the current user; as root, narrows the fan-out).

  • --user-dir PATH: Override the resolved home directory (single-user; testing).

  • --force: Overwrite the honeytoken profile if it exists and is not ours.

  • --list-targets: Print the resolved planting targets and exit (no API call, no disk writes).

  • --remove-only: Cleanup-only: read current state (read-only) and apply only delete actions.

This command supports all ggshield global options.
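
The write/delete reconciliation from the Description and the --force guard can be pictured with the sketch below. It is an added example, not ggshield's own code. The entry dictionaries, the status strings, the sample key IDs and the rule that a profile is "ours" when it already holds the decoy's access key ID are all assumptions made for illustration.

```python
import configparser
import os
import tempfile


def apply_entries(cred_path, entries, force=False):
    """Reconcile decoy profiles in an AWS credentials file; return {profile: status}."""
    # Note: configparser keeps the other sections but drops comments on rewrite.
    cfg = configparser.RawConfigParser()
    cfg.read(cred_path)  # a missing file simply yields an empty config
    status = {}
    for e in entries:
        name, key_id = e["profile"], e["access_key_id"]
        exists = cfg.has_section(name)
        # Assumption: a profile is "ours" when it already holds this decoy's key id.
        ours = exists and cfg.get(name, "aws_access_key_id", fallback=None) == key_id
        if e["action"] == "write":
            if exists and not ours and not force:
                status[name] = "skipped_foreign"  # never clobber a real profile
                continue
            if not exists:
                cfg.add_section(name)
            cfg.set(name, "aws_access_key_id", key_id)
            cfg.set(name, "aws_secret_access_key", e["secret_access_key"])
            status[name] = "refreshed" if ours else "written"
        elif e["action"] == "delete":
            if ours:
                cfg.remove_section(name)
                status[name] = "removed"
            else:
                status[name] = "skipped_foreign" if exists else "absent"
    # Write to a temp file (mode 0600) and rename, so readers never see a partial file.
    directory = os.path.dirname(os.path.abspath(cred_path))
    os.makedirs(directory, exist_ok=True)
    fd, tmp = tempfile.mkstemp(dir=directory)
    with os.fdopen(fd, "w") as fh:
        cfg.write(fh)
    os.chmod(tmp, 0o600)
    os.replace(tmp, cred_path)
    return status


if __name__ == "__main__":
    # Constructed sample: one real profile, one decoy to plant, one revoked decoy.
    path = os.path.join(tempfile.mkdtemp(), "credentials")
    with open(path, "w") as fh:
        fh.write("[default]\naws_access_key_id = AKIAREALEXAMPLE00000\n")
    print(apply_entries(path, [
        {"action": "write", "profile": "backup-admin",
         "access_key_id": "AKIADECOYEXAMPLE0002", "secret_access_key": "constructed"},
        {"action": "delete", "profile": "old-decoy", "access_key_id": "AKIADECOYEXAMPLE0001"},
    ]))
```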