I came across this great tool today called gitleaks. This tool will search through directories and git repos (all locally) to see if it can find any secrets, API keys, or sensitive information that really shouldn’t be in a version control system.
It was simple to get up and running with a brew install
brew install gitleaks
From there all you need to do is point it to a regular folder, or one that is tracked using git
# git - tell the tool to search in a git repo
# v - print a verbose output
gitleaks git -v ./folder_path_of_git_repo
# dir - search in a regular directory
gitleaks dir -v ./folder_path_of_git_repo
The output has some nice colours and formatting too!
Gitleaks can be used as a standalone tool (as seen above). Alternatively it can be incorporated into pre commit or a seperate Github action to run on a pull request.