Automic VaultAutomic Vault

brew

Install git-secrets with Homebrew, apt, dnf, Nix

Prevents you from committing sensitive information to a git repo. Version 1.3.0 via Homebrew; verified from local package data.

install

Additional install commands

macOS

Homebrewverified · 100%
brew install git-secrets

local Homebrew formula metadata

Linux

Debian aptverified · 92%
sudo apt install git-secrets

Debian stable package indexes · git-secrets · source: deb.debian.org

Fedora dnfverified · 92%
sudo dnf install git-secrets

Fedora Rawhide package metadata · git-secrets · source: dl.fedoraproject.org

Nixverified · 92%
nix profile install nixpkgs#git-secrets

nixpkgs package indexes · pkgs/by-name/gi/git-secrets/package.nix · source: api.github.com

overview

Package summary

Prevents you from committing sensitive information to a git repo

Commands and aliases

  • git-secrets

history

Project history and usage

git-secrets is an AWS Labs command-line tool that installs Git hooks and scans commits for prohibited secret patterns. Its best-known workflow is preventing AWS credentials and other sensitive strings from entering Git history.

Project history

AWS Labs released git-secrets in 2015 as a hook-driven local scanner. The README documents pre-commit, commit-msg, and prepare-commit-msg hooks, as well as repository and global Git configuration for prohibited and allowed patterns.

The changelog shows rapid maturation after the initial release: 1.1.0 added full-history scanning, `.gitallowed`, cached/no-index/untracked scan modes, and staged-file scanning in hooks; 1.3.0 refined provider output handling, Windows path behavior, and IAM key detection.

Adoption history

git-secrets became a recognizable package because it came from AWS Labs and addressed a common Git failure mode with no server dependency. Homebrew and Linux distribution packaging made it easy to add to developer workstations and repository templates.

How it is used

Practitioners run `git secrets --install` inside a repository, often followed by `git secrets --register-aws`, so commits are blocked when configured patterns are detected. They also run `git secrets --scan-history` before publishing a repository or add custom providers for organization-specific patterns.

Why package nerds care

The package is important in Git tooling culture because it turns secret scanning into local hooks and plain Git config. It is small, scriptable, and easy to wire into templates, which made it useful before and alongside hosted secret-scanning services.

Timeline

  • 2015: Repository created under AWS Labs.
  • 2015: 1.0.0 initial release.
  • 2016: 1.1.0 added full-history scans, `.gitallowed`, and more scan modes.
  • 2016: 1.2.x fixed path and provider-command handling.
  • 2019: 1.3.0 improved IAM key scanning and Windows path handling.

Related projects

  • Related tools and concepts include Git hooks, AWS credential files, organization-specific secret providers, repository templates, and other secret scanners used in pre-commit workflows.

security posture

Risk level: green

narrow executable package without higher-risk signals.

Risk classifier

green risk · low confidence · appliance

Why

  • narrow executable package without higher-risk signals

Signals

  • metadata:no-higher-risk-signals

Install behavior

  • No Homebrew post-install hook is recorded in formula metadata.
  • Homebrew bottle metadata is available for 1 platform targets.

Recommended review

Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.

local files

Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.

Configuration files

Config paths the tool may read or write during local use.

Unix
.git/config~/.gitconfig~/.config/git/config/etc/gitconfig

executables

Installed executables

CommandKindExposureNote
git-secretscliglobal executable

freshness

Version and freshness

These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.

page generated2026-07-08
manager version1.3.0
manager updated
local dataok
upstreamcurrent
latest detected1.3.0

https://github.com/awslabs/git-secrets

  • infoNo package-manager update timestamp was available.low confidence

install metadata

Package metadata

Package keybrew:git-secrets
Version1.3.0
Package managerHomebrew
Package manager pagehttps://formulae.brew.sh/formula/git-secrets
Homepagehttps://github.com/awslabs/git-secrets
Repositoryhttps://github.com/awslabs/git-secrets
Upstream docshttps://github.com/awslabs/git-secrets#readme
LicenseApache-2.0
Source archivehttps://github.com/awslabs/git-secrets/archive/refs/tags/1.3.0.tar.gz
Bottleavailable (on all)
Homebrew post-installnot defined
Servicenone declared

registry facts

Source database details

Source DatabaseHomebrew formula API
Taphomebrew/core
Full Namegit-secrets
Version Scheme0
Revision0
Head VersionHEAD
Bottle Stable Root URLhttps://ghcr.io/v2/homebrew/core
Deprecatedno
Disabledno
Keg Onlyno
URL Keys
  • head
  • stable

source database matches

Other package-manager records

Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.

Debian apt95%

git-secrets 1.3.0-7

Prevents accidental commits of credentials

https://github.com/awslabs/git-secrets

sudo apt install git-secrets
  • Section: vcs
  • Architecture: all
  • normalized package name match
  • Matched by: Git Secrets
Debian stable package indexes · deb.debian.org · Debian stable package indexes: git-secrets from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz
Nix95%

git-secrets

nix profile install nixpkgs#git-secrets
  • normalized package name match
  • Matched by: Git Secrets
nixpkgs package indexes · api.github.com · nixpkgs package indexes: pkgs/by-name/gi/git-secrets/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1
Ubuntu apt95%

git-secrets 1.3.0-7

Prevents accidental commits of credentials

https://github.com/awslabs/git-secrets

sudo apt install git-secrets
  • Section: universe/vcs
  • Architecture: all
  • normalized package name match
  • Matched by: Git Secrets
Ubuntu 24.04 LTS package indexes · archive.ubuntu.com · Ubuntu 24.04 LTS package indexes: git-secrets from https://archive.ubuntu.com/ubuntu/dists/noble/universe/binary-amd64/Packages.gz
dnf95%

git-secrets 1.3.0-17.fc44

Prevents committing secrets and credentials into git repos

https://github.com/awslabs/git-secrets/

sudo dnf install git-secrets
  • License: Apache-2.0
  • Category: Unspecified
  • Architecture: noarch
  • Source Package: git-secrets
  • 2 dependencies
  • 1 provides
  • normalized package name match
  • Matched by: Git Secrets
Fedora Rawhide package metadata · dl.fedoraproject.org · Fedora Rawhide package metadata: git-secrets from https://dl.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/repodata/e5ca8ce900cd68f5419e1c39ae517343100b306336cbaeb70a3c153121d95094-primary.xml.zst

source trail

Generated from repository data

This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.

Used sources

  • Geiger risk classifier
  • Nucleus package database
  • av.db category and tag curation
  • cross-ecosystem install command graph
  • curated configuration and credential file locations
  • curated package history
  • external package-manager database matches
  • package relationship graph
  • package version freshness
  • package-page enrichment