git-secrets
by
awslabs

Description: Prevents you from committing secrets and credentials into git repositories

View on GitHub ↗

Summary Information

Updated 41 minutes ago
Added to GitGenius on April 7th, 2021
Created on July 15th, 2015
Open Issues & Pull Requests: 131 (+0)
Number of forks: 1,254
Total Stargazers: 13,340 (+1)
Total Subscribers: 189 (+0)

Issue Activity (beta)

Open issues: 16
New in 7 days: 0
Closed in 7 days: 0
Avg open age: 609 days
Stale 30+ days: 16
Stale 90+ days: 14

Recent activity

Opened in 7 days: 0
Closed in 7 days: 0
Comments in 7 days: 0
Events in 7 days: 0

Top labels

No label distribution available yet.

Most active issues this week

No issue events were indexed in the last 7 days.

Repository Insights (GitGenius)

Median issue/PR response: 209.2 days
Mean response time: 395.6 days
90th percentile: 1108.2 days
Tracked items: 9

Most active contributors

Detailed Description

git-secrets is a command-line tool developed by AWS Labs that prevents developers from accidentally committing passwords, API keys, and other sensitive credentials into git repositories. Written primarily in Shell, the tool integrates directly with git's hook system to scan commits before they are finalized, blocking any changes that match configured patterns for secrets.

The core functionality revolves around pattern matching using regular expressions. When a commit is attempted, git-secrets scans the commit contents, commit messages, and non-fast-forward merge histories against a set of prohibited patterns. If a match is found, the commit is rejected and the matched text is reported to the developer. The tool supports multiple scanning modes including scanning individual files, directories recursively, the entire repository history, cached files in the git index, untracked files, and content from stdin.

Installation varies by platform. On Unix-like systems including Linux and macOS, users can place the tool in their PATH or use Homebrew for macOS. Windows users run a provided PowerShell installation script that copies necessary files to a default directory and updates the system PATH. Once installed, developers run the install command to set up git hooks for specific repositories, after which secret scanning happens automatically on commit attempts.

The tool provides specialized support for AWS credentials through the register-aws command, which adds pattern detection for AWS Access Key IDs, Secret Access Keys, account IDs, Amazon Bedrock API keys, and credentials stored in the standard AWS credentials file at ~/.aws/credentials. The patterns detect both long-lived and short-lived credentials, and the tool includes allowlisting for example AWS keys to prevent false positives. However, the documentation explicitly notes that these patterns are not guaranteed to catch all instances of AWS credentials, positioning git-secrets as an additional layer of security rather than a complete solution.

Beyond built-in patterns, git-secrets supports custom secret providers through the add-provider command, allowing organizations to register executable commands that output additional prohibited patterns. This extensibility enables integration with organization-specific secret detection logic. Users can also manually add custom prohibited or allowed patterns, with options to treat patterns as literal strings rather than regular expressions.

According to GitGenius activity tracking, the repository shows relatively slow issue and pull request response latency, with a median response time of approximately 5021.7 hours and a mean of 9494.5 hours across nine tracked items. The most active contributors tracked include LurkAndLoiter, alvincrespo, and cbarreholm, each with two recorded events. The repository shares contributors with major projects including Microsoft's VSCode and TypeScript implementations, as well as the Rust language project, indicating its use within significant development ecosystems.

The tool is classified across numerous security and development workflow categories including codebase protection, pre-commit hooks, sensitive data filtering, credentials scanning, compliance tooling, and security auditing. This broad classification reflects its role as a foundational security enforcement mechanism for development teams seeking to prevent credential leaks at the point of commit.

git-secrets
by
awslabsawslabs/git-secrets

Repository Details

Fetching additional details & charts...