Aikido Secrets Pre-Commit Hook

The Aikido Secrets pre-commit githook scans your staged code for secrets, passwords and API keys. It stops sensitive data from ever reaching your repository, which reduces the risk of leaks and accidental exposure.

Installation

When the Aikido IDE plugin is installed you can use the Aikido Expansion Packs to install the pre commit hook with one click.

Learn more in the Expansion Packs docs.

To install the Aikido Secrets pre-commit hook for all git repositories, run:

curl -fsSL https://raw.githubusercontent.com/AikidoSec/pre-commit/0ed1821ab5e8112987eb5840105f2e0343564395/installation-samples/install-global/install-aikido-hook.sh | bash

This will download the Aikido pre-commit scanner used for secrets detection and and install the pre-commit hook script in the global hooks directory.

To install the Aikido Secrets pre-commit hook for all git repositories, run the following in PowerShell:

iex (iwr "https://raw.githubusercontent.com/AikidoSec/pre-commit/0ed1821ab5e8112987eb5840105f2e0343564395/installation-samples/install-global/install-aikido-hook.ps1" -UseBasicParsing)

This will download the Aikido pre-commit scanner used for secrets detection and and install the pre-commit hook script in the global hooks directory.

The source of the script and more information about its workings are available on Github.

Testing the the pre-commit hook

To test the pre-commit hook after you've set it up, create a sample.js file in a repository:

const password = "eRwjQKVUSRX7uYV017B0cRHVKv45Gv8G"

Add this file to your staged changes. If you try commit this file, the pre-commit hook will run and block the commit with the following message:

Detected secrets in staged files!
Secret #1:
  File: sample.js
  Line: 1
  Secret: password = "****************************Gv8G"
  Description: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

Skipping a specific secret

To skip a specific secret from being flagged, add a comment on the line of the detected secret:

const password = "eRwjQKVUSRX7uYV017B0cRHVKv45Gv8G" // gitleaks:allow

Disable the Aikido Secrets pre-commit scan

Temporarily bypass pre-commit hooks for a single commit

git commit --no-verify

Temporarily bypass the Aikido Secrets pre-commit hook for a single commit

AIKIDO_SKIP_PRE_COMMIT=1 git commit

Uninstall

Use the uninstall script or follow the step below to manually uninstall the hook.

If you've installed the Aikido pre-commit hook using the install script and want to uninstall, run:

curl -fsSL https://raw.githubusercontent.com/AikidoSec/pre-commit/e6f541e65378dd30f3f320628000f837cfba0ec4/installation-samples/install-global/uninstall-aikido-hook.sh | bash

If you've installed the Aikido pre-commit hook using the install script and want to uninstall, run:

iex (iwr "https://raw.githubusercontent.com/AikidoSec/pre-commit/e6f541e65378dd30f3f320628000f837cfba0ec4/installation-samples/install-global/uninstall-aikido-hook.ps1" -UseBasicParsing)

Manual uninstall of global pre-commit hooks

This fully removes all global Git hooks and the Aikido binary.

Remove the global hooks directory:
- Unix/Linux/macOS: rm -rf ~/.git-hooks
- Windows: Remove-Item -Recurse -Force $env:USERPROFILE\.git-hooks
Reset Git hooks path: git config --global --unset core.hooksPath
Optionally remove the binary:
- Unix/Linux/macOS: rm ~/.local/bin/aikido-local-scanner
- Windows: Remove-Item $env:USERPROFILE\.local\bin\aikido-local-scanner.exe

Manual uninstall of only Aikido Git Hook

If you already had your own global Git hooks and want to keep them, do not delete the hooks directory.

Instead:

Open the pre-commit file in your global hooks directory (for example ~/.git-hooks/pre-commit).
Remove only the lines that invoke aikido-local-scanner or are clearly marked as added by Aikido.
Save the file.

Git will keep using your existing hooks, without running Aikido Secrets.

Last updated 2 days ago

Was this helpful?