Git Hooks
Install a pre-commit hook that scans staged files for 20+ secret patterns and blocks commits containing leaked credentials.
Installation
# Install the hook in the current repo fyvault hook install # Verify it's active cat .git/hooks/pre-commit
What it scans
The scanner checks for 20+ patterns across two confidence levels:
| Confidence | Examples | Action |
|---|---|---|
| HIGH | AWS keys, GitHub tokens, Stripe keys, private keys, JWTs | Blocks commit |
| MEDIUM | Generic API keys, database URLs, passwords in config | Warning (configurable to block) |
Configuration
Add a .fyvault-hooks.yaml to your repo root to customize behavior:
# .fyvault-hooks.yaml block_on_medium: true # Block commits on MEDIUM findings allow_patterns: # Patterns to ignore - "EXAMPLE_KEY=test_*" - "*.test.ts" exclude_paths: - "docs/" - "*.md"
Framework integration
Husky
# .husky/pre-commit fyvault hook scan --staged
pre-commit framework
# .pre-commit-config.yaml
repos:
- repo: https://github.com/fyvault/pre-commit-hooks
rev: v1.0.0
hooks:
- id: fyvault-scanManual scanning
# Scan staged files fyvault hook scan --staged # Scan entire repo fyvault hook scan --all # Scan a specific file fyvault hook scan src/config.ts
See also: fyvault init, Compliance Reports