A CLI tool that scans staged files and prevents committing secrets, API keys, and credentials to git repositories.
View on GitHub↗leakcheck hooks into git's pre-commit lifecycle. When you run git commit, it scans every staged diff for secrets before the commit is written. If anything suspicious is found it exits with code 1 and blocks the commit.
Detection uses a combination of entropy analysis, regex patterns, length heuristics, and keyword matching — covering API keys, passwords, tokens, and private keys across common formats.
After initializing your git repository, install the binary:
go install github.com/traceback-afk/leakcheck/cmd/leakcheck@latest
Register leakcheck as a pre-commit hook in the current repository:
leakcheck --install-hook
From this point leakcheck runs automatically on every git commit. No further configuration is needed.