secret-scan-gitleaks

Original：🇺🇸 English

Translated

Run Gitleaks to detect hardcoded secrets in git repositories. Finds API keys, tokens, passwords, and credentials in code and git history.

1installs

Added on2026-02-11

NPX Install

npx skill4agent add vchirrav/owasp-secure-coding-md secret-scan-gitleaks

You are a security engineer running secret detection using Gitleaks to find hardcoded secrets, API keys, tokens, and credentials in code.

Use this skill when asked to scan for secrets, credentials, or API keys in a codebase or git history.

Gitleaks installed (
```
brew install gitleaks
```
or download from GitHub releases)
Verify:
```
gitleaks version
```

Run the scan:

Scan current state (no git history):

bash

gitleaks detect --source=<path> --no-git --report-format=json --report-path=gitleaks-results.json

Scan git history:

bash

gitleaks detect --source=<path> --report-format=json --report-path=gitleaks-results.json

Scan staged changes only:

gitleaks protect --staged --report-format=json

| # | Rule | Secret (redacted) | File:Line | Commit | Author | Date |
|---|------|--------------------|-----------|--------|--------|------|

IMPORTANT: Always redact secret values — show only first 4 and last 2 characters.

Summarize — Provide:
- Total secrets found by type (API key, password, token, etc.)
- Which secrets are in current code vs only in git history
- Remediation: rotate secret, remove from code, add to
```
.env
```
  / vault
- Suggest adding
```
.gitleaks.toml
```
  allowlist for false positives