# Install git-secrets with Homebrew, apt, dnf, Nix

Prevents you from committing sensitive information to a git repo. Version 1.3.0 via Homebrew; verified from local package data.

## Install

```sh
sudo av install brew:git-secrets
```

Additional install commands:

### macOS

- Homebrew (100%):

```sh
brew install git-secrets
```

  Evidence: local Homebrew formula metadata

### Linux

- Debian apt (92%):

```sh
sudo apt install git-secrets
```

  Evidence: Debian stable package indexes: git-secrets from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz

- dnf (92%):

```sh
sudo dnf install git-secrets
```

  Evidence: Fedora Rawhide package metadata: git-secrets from https://dl.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/repodata/e5ca8ce900cd68f5419e1c39ae517343100b306336cbaeb70a3c153121d95094-primary.xml.zst

- Nix (92%):

```sh
nix profile install nixpkgs#git-secrets
```

  Evidence: nixpkgs package indexes: pkgs/by-name/gi/git-secrets/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1

## Package facts

- **Package key:** brew:git-secrets
- **Package manager:** Homebrew
- **Package manager page:** <https://formulae.brew.sh/formula/git-secrets>
- **Version:** 1.3.0
- **Source summary:** Prevents you from committing sensitive information to a git repo
- **Homepage:** <https://github.com/awslabs/git-secrets>
- **Repository:** <https://github.com/awslabs/git-secrets>
- **Upstream docs:** <https://github.com/awslabs/git-secrets#readme>
- **License:** Apache-2.0
- **Source archive:** <https://github.com/awslabs/git-secrets/archive/refs/tags/1.3.0.tar.gz>
- **Generated:** 2026-07-08T07:18:31+00:00

## Executables

- git-secrets (cli)
- git-secrets (alias)

## Install behavior

- Post-install hook: not defined
- Bottle: available on all

## Freshness

- Page generated: 2026-07-08
- Package-manager version: 1.3.0
- Local data: ok
- Upstream repository: https://github.com/awslabs/git-secrets
- Upstream latest detected: 1.3.0 (current)
- info: No package-manager update timestamp was available.
## Project history and usage

git-secrets is an AWS Labs command-line tool that installs Git hooks and scans commits for prohibited secret patterns. Its best-known workflow is preventing AWS credentials and other sensitive strings from entering Git history.

### Project history

AWS Labs released git-secrets in 2015 as a hook-driven local scanner. The README documents pre-commit, commit-msg, and prepare-commit-msg hooks, as well as repository and global Git configuration for prohibited and allowed patterns.

The changelog shows rapid maturation after the initial release: 1.1.0 added full-history scanning, `.gitallowed`, cached/no-index/untracked scan modes, and staged-file scanning in hooks; 1.3.0 refined provider output handling, Windows path behavior, and IAM key detection.

### Adoption history

git-secrets became a recognizable package because it came from AWS Labs and addressed a common Git failure mode with no server dependency. Homebrew and Linux distribution packaging made it easy to add to developer workstations and repository templates.

### How it is used

Practitioners run `git secrets --install` inside a repository, often followed by `git secrets --register-aws`, so commits are blocked when configured patterns are detected. They also run `git secrets --scan-history` before publishing a repository or add custom providers for organization-specific patterns.

### Why package nerds care

The package is important in Git tooling culture because it turns secret scanning into local hooks and plain Git config. It is small, scriptable, and easy to wire into templates, which made it useful before and alongside hosted secret-scanning services.

### Timeline

- 2015: Repository created under AWS Labs.
- 2015: 1.0.0 initial release.
- 2016: 1.1.0 added full-history scans, `.gitallowed`, and more scan modes.
- 2016: 1.2.x fixed path and provider-command handling.
- 2019: 1.3.0 improved IAM key scanning and Windows path handling.

### Related projects

- Related tools and concepts include Git hooks, AWS credential files, organization-specific secret providers, repository templates, and other secret scanners used in pre-commit workflows.

### Sources

- <https://formulae.brew.sh/formula/git-secrets>
- <https://github.com/awslabs/git-secrets>
- <https://raw.githubusercontent.com/awslabs/git-secrets/master/CHANGELOG.md>
- <https://raw.githubusercontent.com/awslabs/git-secrets/master/README.rst>


## Security Notes

narrow executable package without higher-risk signals.

- **Geiger risk:** green / low
- narrow executable package without higher-risk signals


## Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.


## Configuration files

- Unix: .git/config, ~/.gitconfig, ~/.config/git/config, /etc/gitconfig
## Source Database Details

- **Source Database:** Homebrew formula API
- **Tap:** homebrew/core
- **Full Name:** git-secrets
- **Version Scheme:** 0
- **Revision:** 0
- **Head Version:** HEAD
- **Bottle Stable Root URL:** <https://ghcr.io/v2/homebrew/core>
- **Deprecated:** no
- **Disabled:** no
- **Keg Only:** no
- **URL Keys:** head, stable

## Other Package-Manager Records

- Debian apt - git-secrets - 1.3.0-7: normalized package name match | Debian stable package indexes: git-secrets from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz | Prevents accidental commits of credentials | https://github.com/awslabs/git-secrets
- Nix - git-secrets: normalized package name match | nixpkgs package indexes: pkgs/by-name/gi/git-secrets/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1
- Ubuntu apt - git-secrets - 1.3.0-7: normalized package name match | Ubuntu 24.04 LTS package indexes: git-secrets from https://archive.ubuntu.com/ubuntu/dists/noble/universe/binary-amd64/Packages.gz | Prevents accidental commits of credentials | https://github.com/awslabs/git-secrets
- dnf - git-secrets - 1.3.0-17.fc44: normalized package name match | Fedora Rawhide package metadata: git-secrets from https://dl.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/repodata/e5ca8ce900cd68f5419e1c39ae517343100b306336cbaeb70a3c153121d95094-primary.xml.zst | Prevents committing secrets and credentials into git repos | https://github.com/awslabs/git-secrets/


## Related links

- [Source-control packages](https://www.automicvault.com/pkg/source-control-tools/) - Belongs to a source-control command family.
- [Terminal utility packages](https://www.automicvault.com/pkg/terminal-utilities/) - Matched terminal and command-line workflow metadata.
- [Networking and protocol packages](https://www.automicvault.com/pkg/networking-protocol-tools/) - Matched network, protocol, or remote-service metadata.
- [Security and crypto packages](https://www.automicvault.com/pkg/security-crypto-tools/) - Matched security, identity, cryptography, password, signing, or certificate metadata.
- [git-hound](https://www.automicvault.com/pkg/brew/git-hound/) - Shares av.db curated category or tags: cli, git, secret-scanning, security.
- [gitleaks](https://www.automicvault.com/pkg/brew/gitleaks/) - Shares av.db curated category or tags: cli, git, secret-scanning, security.
- [squealer](https://www.automicvault.com/pkg/brew/squealer/) - Shares av.db curated category or tags: cli, git, secret-scanning, security.
- [tartufo](https://www.automicvault.com/pkg/brew/tartufo/) - Shares av.db curated category or tags: cli, git, secret-scanning, security.
- [detect-secrets](https://www.automicvault.com/pkg/brew/detect-secrets/) - Shares av.db curated category or tags: cli, secret-scanning, security.
- [kingfisher](https://www.automicvault.com/pkg/brew/kingfisher/) - Shares av.db curated category or tags: cli, secret-scanning, security.
- [mantra](https://www.automicvault.com/pkg/brew/mantra/) - Shares av.db curated category or tags: cli, secret-scanning, security.
- [ggshield](https://www.automicvault.com/pkg/brew/ggshield/) - Shares av.db curated category or tags: cli, git-hooks, security.

## Combined YAML source

View the package source record on GitHub. [combined/git-secrets.yml](https://github.com/automic-vault/db/blob/main/combined/git-secrets.yml)


## Sources

- Nucleus package database
- Geiger risk classifier
- package-page enrichment
- curated configuration and credential file locations
- curated package history
- package version freshness
- av.db category and tag curation
- package relationship graph
- external package-manager database matches
- cross-ecosystem install command graph
