Skip to main content

External Connectors

Organizations: Streamline your workflows using External Connectors for Automations

Updated over a week ago

Overview

Streamline your workflows by easily automating tasks and notifications into your preferred tools using External Connectors for Automations. This new capability reduces reliance on software engineering teams while improving vulnerability management workflows. You can securely store and use secrets required to authenticate with third-party services.

Use Cases

Support for internal & custom tools: Users, groups, and teams can now receive messages in internal, as well as custom-built tools your business has adopted.

Custom notifications: Customize how you receive vulnerability report notifications—filter by severity or adjust delivery methods based on the affected asset.

AI-powered actions: Use Hai to improve integration workflows, such as determining when and how to notify the right people based on context to accelerate response.

Configuration

Organizations can use the HackerOne API and any third-party APIs in their automation. If external services are being used, consider using secrets to prevent your authentication details from being exposed in the automation code. Please see the following sections for more information.

Secret Management

When using external connectors, you must securely store and use secrets required to authenticate with third-party services.

An organization can create up to 10 secrets for automation scripts. You can manage your secrets on the Secrets page. Once you reach the limit, you can always remove existing secrets to create a new one.

Secrets are securely stored and encrypted with a key only accessible to your automations. HackerOne cannot access them.

Once created, a secret can be obtained using the getSecret callback in the automation script by its variable name.

Example: const secret = await getSecret("secret_variable_name")

Once a secret is created, you can replace its value, edit its description, or remove it entirely, but you won’t be able to update its variable name.

Create a Secret

On the Secrets page, click the Add secret button to open a secret management modal:

Enter the following information:

  • Variable name - an arbitrary name which will be used to get the secret value in an automation script using getSecret("secret_variable_name")

  • Description - description of the secret, to easily identify its purpose.

  • Secret - the value of the secret to be used to authenticate with a third-party service.

Edit Description

Select a secret from the list, click the kebab menu item on the right, and then select the Edit description option.

Enter the updated description into the Description field.

Replace a Secret

Select a secret from the list, click the kebab menu item on the right, and then select the Replace secret option.

Enter a new secret value into the New secret field.

Deleting a Secret

Select a secret from the list, click the kebab menu item on the right, and then select the Delete option.

A confirmation modal to delete a secret will pop up.

Type DELETE in the field and click Delete to delete a secret.

Did this answer your question?