git-secrets

Install hooks in repository

$ git secrets --install

$ git secrets --register-aws

$ git secrets --add '[pattern]'

$ git secrets --scan

$ git secrets --scan [file.txt]

$ git secrets --list

git secrets command [options]

git-secrets prevents committing secrets and credentials to Git repositories. It installs pre-commit hooks that scan staged changes against configurable patterns, blocking commits that match known secret formats.
Created by AWS Labs, it includes built-in patterns for AWS credentials and supports custom patterns for other types of secrets.

--install

Install hooks in current repo.

Add AWS secret patterns.

Add forbidden pattern.

Add allowed pattern (exception).

Scan repository for secrets.

Scan entire commit history.

List registered patterns.

Add secret provider command.

~/.git-templates/git-secrets/

Global git template directory for automatic hook installation in new repositories.

Must be installed per-repo or via templates. Only catches patterns, not all secrets. History scanning is slow on large repos. Consider tools like gitleaks for comprehensive scanning.

git-secrets was created by AWS Labs to prevent AWS credential leaks. It's one of several tools addressing the widespread problem of secrets accidentally committed to version control.

git(1), gitleaks(1), trufflehog(1), detect-secrets(1)