Skip to content

Have I Been Pwned (HIBP)

Indicates whether or not your listed email addresses appear in the Have I Been Pwned breach database.

Note: As of v0.19.0, WTF requires you use a Have I Been Pwned API key to connect to the service. See details below.

Configuration

hibp:
  accounts:
  - test@example.com
  - pwned@gmail.com
  apiKey: "p0d13*********************************************c3"
  colors:
    ok: "green"
    pwned: "red"
  enabled: true
  position:
    top: 4
    left: 1
    height: 1
    width: 2
  refreshInterval: 12h
  since: "2019-06-22"

Screenshots

hibp screenshot

Attributes

Name Value
accounts
A list of the accounts to check the HIBP database for. 		{{ value }}
apiKey
Your DigitalOcean API key. Leave this blank to use the WTF_DIGITALOCEAN_API_KEY environment variable.
colors
Optional The colors to display for accounts that have not been pwned and ones that have. Defaults to white for unpwned accounts, red for pwned accounts. 		{{ value }}
since
Optional Only check for breaches after this date. Set this if you've been breached in the past, have taken steps to mitigate that (changing passwords, cancelling accounts, etc.) and only want to know about future breaches. 		A date string in the format 'yyyy-mm-dd', ie: '2019-06-22'

Source Code

https://github.com/wtfutil/wtf/tree/master/modules/hibp