Aikido Secrets Pre-Commit Hook

The Aikido Secrets pre-commit githook scans your staged code for secrets, passwords and API keys. It stops sensitive data from ever reaching your repository, which reduces the risk of leaks and accidental exposure.

Installation

curl -fsSL https://raw.githubusercontent.com/AikidoSec/pre-commit/2235fe0536f9135aa561ce108702fac708b38977/installation-samples/install-global/install-aikido-hook.sh | bash

iex (iwr "https://raw.githubusercontent.com/AikidoSec/pre-commit/2235fe0536f9135aa561ce108702fac708b38977/installation-samples/install-global/install-aikido-hook.ps1" -UseBasicParsing)

repos:
  - repo: https://github.com/AikidoSec/pre-commit
    rev: main  # or pin to a specific commit
    hooks:
      - id: aikido-local-scanner

pre-commit install

curl -fsSL https://raw.githubusercontent.com/AikidoSec/pre-commit/2235fe0536f9135aa561ce108702fac708b38977/installation-samples/install-global/install-aikido-hook.sh | bash -s -- --download-only

irm https://raw.githubusercontent.com/AikidoSec/pre-commit/2235fe0536f9135aa561ce108702fac708b38977/installation-samples/install-global/install-aikido-hook.ps1 | % { iex \"& { $_ } -DownloadOnly\" }

The source of the script and more information about its workings are available on Github.

Testing the the pre-commit hook

To test the pre-commit hook after you've set it up, create a sample.js file in a repository:

const password = "eRwjQKVUSRX7uYV017B0cRHVKv45Gv8G"

Add this file to your staged changes. If you try commit this file, the pre-commit hook will run and block the commit with the following message:

Detected secrets in staged files!
Secret #1:
  File: sample.js
  Line: 1
  Secret: password = "****************************Gv8G"
  Description: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

Skipping a specific secret

To skip a specific secret from being flagged, add a comment on the line of the detected secret:

Disable the Aikido Secrets pre-commit scan

Temporarily bypass pre-commit hooks for a single commit

Temporarily bypass the Aikido Secrets pre-commit hook for a single commit

Uninstall

Use the uninstall script or follow the step below to manually uninstall the hook.

Manual uninstall of global pre-commit hooks

This fully removes all global Git hooks and the Aikido binary.

1. Remove the global hooks directory:

   • Unix/Linux/macOS: rm -rf ~/.git-hooks

   • Windows: Remove-Item -Recurse -Force $env:USERPROFILE\.git-hooks

2. Reset Git hooks path: git config --global --unset core.hooksPath

3. Optionally remove the binary:

   • Unix/Linux/macOS: rm ~/.local/bin/aikido-local-scanner

   • Windows: Remove-Item $env:USERPROFILE\.local\bin\aikido-local-scanner.exe

Manual uninstall of only Aikido Git Hook

If you already had your own global Git hooks and want to keep them, do not delete the hooks directory.

Instead:

1. Open the pre-commit file in your global hooks directory (for example ~/.git-hooks/pre-commit).

2. Remove only the lines that invoke aikido-local-scanner or are clearly marked as added by Aikido.

3. Save the file.

Git will keep using your existing hooks, without running Aikido Secrets.

Related articles

• Ignoring secrets via code comments

• Ignoring files using .aikido file