Overview
Streamline your workflows by easily automating tasks and notifications into your preferred tools using External Connectors for Automations. This new capability reduces reliance on software engineering teams while improving vulnerability management workflows. You can securely store and use secrets required to authenticate with third-party services.
Use Cases
Support for internal & custom tools: Users, groups, and teams can now receive messages in internal, as well as custom-built tools your business has adopted.
Custom notifications: Customize how you receive vulnerability report notifications—filter by severity or adjust delivery methods based on the affected asset.
AI-powered actions: Use Hai to improve integration workflows, such as determining when and how to notify the right people based on context to accelerate response.
Configuration
Organizations can use the HackerOne API and any third-party APIs in their automation. If external services are being used, consider using secrets to prevent your authentication details from being exposed in the automation code. Please see the following sections for more information.
Secret Management
When using external connectors, you must securely store and use secrets required to authenticate with third-party services.
An organization can create up to 10 secrets for automation scripts. You can manage your secrets on the Secrets page. Once you reach the limit, you can always remove existing secrets to create a new one.
Secrets are securely stored and encrypted with a key only accessible to your automations. HackerOne cannot access them.
Once created, a secret can be obtained using the getSecret
callback in the automation script by its variable name
.
Example: const secret = await getSecret("secret_variable_name")
Once a secret is created, you can replace its value, edit its description, or remove it entirely, but you won’t be able to update its variable name.
Create a Secret
On the Secrets page, click the Add secret button to open a secret management modal:
Enter the following information:
Variable name - an arbitrary name which will be used to get the secret value in an automation script using
getSecret("secret_variable_name")
Description - description of the secret, to easily identify its purpose.
Secret - the value of the secret to be used to authenticate with a third-party service.
Edit Description
Select a secret from the list, click the kebab menu item on the right, and then select the Edit description option.
Enter the updated description into the Description field.
Replace a Secret
Select a secret from the list, click the kebab menu item on the right, and then select the Replace secret option.
Enter a new secret value into the New secret field.
Deleting a Secret
Select a secret from the list, click the kebab menu item on the right, and then select the Delete option.
A confirmation modal to delete a secret will pop up.
Type DELETE in the field and click Delete to delete a secret.