Download
git-secrets is a Git extension that helps prevent secrets—API keys, credentials, tokens, private keys—from being accidentally committed into version control. It works by applying configurable regular-expression patterns over commit contents (and merge history) and rejecting commits or merges that violate the policy. The tool includes hooks that integrate into git commit and git merge, as well as commands to list, add, or remove secret patterns, and to scan existing history for leaks. Teams often deploy it as part of their developer toolchain to enforce a security guardrail: you catch leaks early rather than discovering them later. It is also often used in CI pipelines or continuous code quality checks to detect in-flight vulnerabilities. While git-secrets is not a full secrets management system, it plays a key role in defense-in-depth by preventing accidental exposure in source.
Features
- Installs Git hooks (pre-commit, commit-msg, prepare-commit-msg) that block commits or merges containing prohibited patterns
- Ability to scan past history (all commits, existing repository) for patterns to catch issues retroactively
- Configurable prohibited and allowed patterns via regex or literal matching, allowing suppression of false positives
- Support for “secret providers” which are executables that output additional prohibited patterns (e.g. AWS credentials)
- Cross-platform install support: *nix (Linux/macOS), Windows via PowerShell, Homebrew etc.
- Optionally skip checks via --no-verify for special cases, also ability to set global templates so new repos automatically include hooks
Project Samples
