search
Changelog NotificationsAPIAikido login

Aikido Secrets Pre-Commit Hook

The Aikido Secrets pre-commit githook scans your staged code for secrets, passwords and API keys. It stops sensitive data from ever reaching your repository, which reduces the risk of leaks and accidental exposure.

hashtag
Installation

When the Aikido IDE plugin is installed you can use the Aikido Expansion Packs to install the pre commit hook with one click.

Learn more in the Expansion Packs docs.

The source of the script and more information about its workingsarrow-up-right are available on Github.

hashtag
Testing the the pre-commit hook

To test the pre-commit hook after you've set it up, create a sample.js file in a repository:

const password = "eRwjQKVUSRX7uYV017B0cRHVKv45Gv8G"

Add this file to your staged changes. If you try commit this file, the pre-commit hook will run and block the commit with the following message:

Detected secrets in staged files!
Secret #1:
  File: sample.js
  Line: 1
  Secret: password = "****************************Gv8G"
  Description: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

hashtag
Skipping a specific secret

To skip a specific secret from being flagged, add a comment on the line of the detected secret:

hashtag
Disable the Aikido Secrets pre-commit scan

Temporarily bypass pre-commit hooks for a single commit

Temporarily bypass the Aikido Secrets pre-commit hook for a single commit

hashtag
Uninstall

Use the uninstall script or follow the step below to manually uninstall the hook.

If you've installed the Aikido pre-commit hook using the install script and want to uninstall, run:

hashtag
Manual uninstall of global pre-commit hooks

This fully removes all global Git hooks and the Aikido binary.

  1. Remove the global hooks directory:

    • Unix/Linux/macOS: rm -rf ~/.git-hooks

    • Windows: Remove-Item -Recurse -Force $env:USERPROFILE\.git-hooks

  2. Reset Git hooks path: git config --global --unset core.hooksPath

  3. Optionally remove the binary:

    • Unix/Linux/macOS: rm ~/.local/bin/aikido-local-scanner

    • Windows: Remove-Item $env:USERPROFILE\.local\bin\aikido-local-scanner.exe

hashtag
Manual uninstall of only Aikido Git Hook

If you already had your own global Git hooks and want to keep them, do not delete the hooks directory.

Instead:

  1. Open the pre-commit file in your global hooks directory (for example ~/.git-hooks/pre-commit).

  2. Remove only the lines that invoke aikido-local-scanner or are clearly marked as added by Aikido.

  3. Save the file.

Git will keep using your existing hooks, without running Aikido Secrets.

hashtag
Related articles

Last updated

Was this helpful?