macOS
brew install git-secretslocal Homebrew formula metadata
brew
Prevents you from committing sensitive information to a git repo. Version 1.3.0 via Homebrew; verified from local package data.
install
brew install git-secretslocal Homebrew formula metadata
sudo apt install git-secretsDebian stable package indexes · git-secrets · source: deb.debian.org
sudo dnf install git-secretsFedora Rawhide package metadata · git-secrets · source: dl.fedoraproject.org
nix profile install nixpkgs#git-secretsnixpkgs package indexes · pkgs/by-name/gi/git-secrets/package.nix · source: api.github.com
overview
Prevents you from committing sensitive information to a git repo
history
git-secrets is an AWS Labs command-line tool that installs Git hooks and scans commits for prohibited secret patterns. Its best-known workflow is preventing AWS credentials and other sensitive strings from entering Git history.
AWS Labs released git-secrets in 2015 as a hook-driven local scanner. The README documents pre-commit, commit-msg, and prepare-commit-msg hooks, as well as repository and global Git configuration for prohibited and allowed patterns.
The changelog shows rapid maturation after the initial release: 1.1.0 added full-history scanning, `.gitallowed`, cached/no-index/untracked scan modes, and staged-file scanning in hooks; 1.3.0 refined provider output handling, Windows path behavior, and IAM key detection.
git-secrets became a recognizable package because it came from AWS Labs and addressed a common Git failure mode with no server dependency. Homebrew and Linux distribution packaging made it easy to add to developer workstations and repository templates.
Practitioners run `git secrets --install` inside a repository, often followed by `git secrets --register-aws`, so commits are blocked when configured patterns are detected. They also run `git secrets --scan-history` before publishing a repository or add custom providers for organization-specific patterns.
The package is important in Git tooling culture because it turns secret scanning into local hooks and plain Git config. It is small, scriptable, and easy to wire into templates, which made it useful before and alongside hosted secret-scanning services.
security posture
narrow executable package without higher-risk signals.
green risk · low confidence · appliance
Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.
local files
These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.
Config paths the tool may read or write during local use.
.git/config~/.gitconfig~/.config/git/config/etc/gitconfigexecutables
| Command | Kind | Exposure | Note |
|---|---|---|---|
git-secrets | cli | global executable |
freshness
These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.
https://github.com/awslabs/git-secrets
install metadata
| Package key | brew:git-secrets |
|---|---|
| Version | 1.3.0 |
| Package manager | Homebrew |
| Package manager page | https://formulae.brew.sh/formula/git-secrets |
| Homepage | https://github.com/awslabs/git-secrets |
| Repository | https://github.com/awslabs/git-secrets |
| Upstream docs | https://github.com/awslabs/git-secrets#readme |
| License | Apache-2.0 |
| Source archive | https://github.com/awslabs/git-secrets/archive/refs/tags/1.3.0.tar.gz |
| Bottle | available (on all) |
| Homebrew post-install | not defined |
| Service | none declared |
registry facts
| Source Database | Homebrew formula API |
|---|---|
| Tap | homebrew/core |
| Full Name | git-secrets |
| Version Scheme | 0 |
| Revision | 0 |
| Head Version | HEAD |
| Bottle Stable Root URL | https://ghcr.io/v2/homebrew/core |
| Deprecated | no |
| Disabled | no |
| Keg Only | no |
| URL Keys |
|
source database matches
Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.
git-secrets 1.3.0-7
Prevents accidental commits of credentials
https://github.com/awslabs/git-secrets
sudo apt install git-secretsgit-secrets
nix profile install nixpkgs#git-secretsgit-secrets 1.3.0-7
Prevents accidental commits of credentials
https://github.com/awslabs/git-secrets
sudo apt install git-secretsgit-secrets 1.3.0-17.fc44
Prevents committing secrets and credentials into git repos
https://github.com/awslabs/git-secrets/
sudo dnf install git-secretssource trail
This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.
View the package source record on GitHub.