GitHub does warn you when you have API keys in your repo. Alternatively, there are CLI tools such as TruffleHog you can put in pre-commit hooks to run before commits automatically.

You can try GitGuardian; it is very powerful and free for individual developers and small teams. It has pre-commit hooks, detection in the IDE and all.

You can use git hooks. Pre-commit specifically.

https://git-scm.com/docs/githooks

Already mentioned it in another reply, but .env and passing secrets as environment variables are a tragedy. Take a look at how SecureStore stores secrets encrypted at rest, and you’re even advised to commit them to git!

https://github.com/neosmart/securestore-rs

At least you can put .env in the global gitignore. I haven’t committed DS_Store in 15 years because of it - its secrets will die with me.

Sorry.. global gitignore.. what have I been doing..

Aside from the already mentioned hooks, you can add a global .gitignore for .env files.
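An added example, not written by any commenter and not taken from the tools named in the thread: a hand-written pre-commit hook of the kind the replies suggest, which refuses staged .env files and flags key-like strings in staged additions. The regexes and the allowed template file names are illustrative assumptions; a global gitignore (set with `git config --global core.excludesFile`) only hides untracked files, so this check also covers `git add -f` and files that are already tracked.

```shell
#!/bin/sh
# Added example: save as .git/hooks/pre-commit and make it executable.
# Patterns are illustrative assumptions, not a dedicated scanner's rule set.

# Succeeds when a path is a dotenv file (.env, .env.local, config/.env.prod).
# Template files that normally hold no real values are let through.
is_env_path() {
    case "${1##*/}" in
        .env.example|.env.sample|.env.template) return 1 ;;
        .env|.env.*) return 0 ;;
        *) return 1 ;;
    esac
}

# Reads unified diff text on stdin and prints added lines that look like
# secrets. Matching is case-insensitive, so it errs toward false positives.
find_secret_lines() {
    grep -E '^\+' | grep -Ev '^\+\+\+ ' | grep -Ei \
        -e 'AKIA[0-9A-Z]{16}' \
        -e '-----BEGIN [A-Z ]*PRIVATE KEY-----' \
        -e "(api[_-]?key|secret|token|passw(or)?d)[a-z_]*[[:space:]]*[:=][[:space:]]*[\"'][^\"']{16,}"
}

# Inspects only what is staged (added, copied, modified, renamed).
run_hook() {
    blocked=$(git diff --cached --name-only --diff-filter=ACMR |
        while IFS= read -r p; do
            if is_env_path "$p"; then printf '%s\n' "$p"; fi
        done)
    hits=$(git diff --cached -U0 --diff-filter=ACMR | find_secret_lines)
    if [ -z "$blocked" ] && [ -z "$hits" ]; then
        return 0
    fi
    if [ -n "$blocked" ]; then
        printf 'dotenv file staged:\n%s\n' "$blocked" >&2
    fi
    if [ -n "$hits" ]; then
        printf 'possible secret in staged changes:\n%s\n' "$hits" >&2
    fi
    echo 'Commit blocked. Unstage the file or remove the value, then retry.' >&2
    return 1
}

# Run the check only when git invokes this file as the pre-commit hook.
case "${0##*/}" in
    pre-commit) run_hook || exit 1 ;;
esac
```

A hook like this lives in one clone and can be skipped with `git commit --no-verify`, so it complements server-side scanning rather than replacing it.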