A cross-platform Git pre-commit hook that integrates Gitleaks to automatically scan your staged code for secrets before every commit.
This hook helps you prevent accidental commits of sensitive data such as:
- API keys
- Tokens
- Passwords
- Secrets in environment files or source code
If secrets are detected, the commit is blocked and a warning is displayed.
| Operating System | Supported Architectures |
|---|---|
| Linux | x86_64, arm64 |
| macOS | x86_64, arm64 (M1/M2) |
| Windows | x86_64 |
You can install the pre-commit hook and gitleaks in one command using curl:
curl -sSL https://raw.githubusercontent.com/ev-smoke/gitleak-checker/main/install.sh | bashduring installation script set enable flag for git config, but any time you can set it manually
Enable or disable the hook at any time using Git config:
# Enable the hook (default)
git config gitleaks.enabled true
# Disable the hook
git config gitleaks.enabled false# Add a file that accidentally contains a secret
git add config.py
# Attempt to commit
git commit -m "Add config"
# Output:
# [Gitleaks] Secret(s) detected. Commit rejected.-
If gitleaks is not installed, the script will download it automatically.
-
You can add ~/.gitleaks/ to your PATH to use gitleaks globally:
echo 'export PATH="$HOME/.gitleaks:$PATH"' >> ~/.bashrc
source ~/.bashrc