Prevents you from committing secrets and credentials into git repositories
git-secrets is a security-focused Git extension that prevents developers from accidentally committing sensitive information like passwords, API keys, and credentials to their repositories. The tool works by scanning commits, commit messages, and merge histories against configurable regular expression patterns to detect and block prohibited content before it reaches the repository.
The tool integrates with Git through hooks that automatically check for secrets during the pre-commit, commit-msg, and prepare-commit-msg phases. It comes with built-in AWS credential detection patterns and can scan for AWS Access Key IDs, Secret Access Keys, and account IDs, while also allowing users to define custom prohibited patterns. git-secrets can also scan existing repository history to audit past commits for leaked credentials.
git-secrets is essential for development teams working with cloud services, APIs, or any sensitive configuration data. It's particularly valuable for organizations using AWS services, as it includes comprehensive patterns for detecting various AWS credential types and can automatically register known credentials from local AWS configuration files. The tool supports both repository-specific and global configuration, making it easy to standardize security practices across multiple projects.
# via Homebrew
brew install git-secrets
# via Make (run from a checkout of the git-secrets source)
make install
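The hook-based pattern scanning described above can be sketched in a few lines of shell. This is an added example, not git-secrets' own code: the function name, both patterns, the sample diffs and the choice to scan only added diff lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration of a pattern-based commit check; not git-secrets' code.

# Prohibited patterns (POSIX extended regex, one per line). Both are
# assumptions made for this example, not patterns copied from git-secrets.
PROHIBITED_PATTERNS='AKIA[A-Z0-9]{16}
(password|passwd)[[:space:]]*[:=][[:space:]]*[^[:space:]]+'

# Constructed sample diffs. The key is a made-up string of the right shape.
SAMPLE_DIFF_LEAK='--- a/config.py
+++ b/config.py
@@ -1,2 +1,3 @@
 region = "us-east-1"
-debug = True
+aws_key = "AKIAABCDEFGHIJKLMNOP"
+debug = False'

SAMPLE_DIFF_CLEAN='--- a/config.py
+++ b/config.py
@@ -1,2 +1,2 @@
 region = "us-east-1"
-aws_key = "AKIAABCDEFGHIJKLMNOP"
+aws_key = os.environ["AWS_ACCESS_KEY_ID"]'

# Read a unified diff on stdin and report every added line that matches a
# prohibited pattern. Returns 1 on a match (a hook would abort the commit),
# 0 when the added lines are clean. Removed lines are ignored on purpose:
# deleting a secret must not block the commit that removes it.
scan_added_lines() {
    hits=$(grep -E '^\+' \
        | grep -Ev '^\+\+\+ (a/|b/|/dev/null)' \
        | sed 's/^+//' \
        | grep -E -e "$PROHIBITED_PATTERNS") || true
    if [ -n "$hits" ]; then
        printf 'prohibited pattern matched:\n%s\n' "$hits" >&2
        return 1
    fi
    return 0
}

# In a real pre-commit hook the input would be the staged diff, e.g.:
#   git diff --cached -U0 | scan_added_lines || exit 1
printf '%s\n' "$SAMPLE_DIFF_LEAK" | scan_added_lines \
    || echo "commit would be blocked"
```

A key that only disappears from the working tree, as in the second sample, is still present in earlier commits, which is why the history audit mentioned above matters.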