Stop Leaking Secrets to GitHub | Build a Python Git Pre-Commit Hook (Step-by-Step)

Feb 24, 2026
15:22

Have you ever accidentally committed a password, API key, or secret to GitHub? It happens more often than you think — and once it’s pushed, automated scanners can find it in seconds.

In this video, I build a Python-based Git pre-commit hook that blocks commits if it detects secrets like:

• AWS Access Keys
• Private Keys
• JWT Tokens
• MongoDB URIs
• Hardcoded passwords

This is a practical DevOps security tool you can use in real projects to prevent accidental credential leaks.

We go step-by-step through:

• Writing the detection logic
• Understanding regex patterns
• Scanning staged files
• Blocking commits using exit codes
• Connecting the script to Git hooks
• Live demo of it working

If you're a DevOps engineer, backend developer, or security-conscious programmer — this is something you should implement immediately.

⏱ Timestamps

00:00 – Live Demo (Secret Detected & Commit Blocked)
00:30 – Importing Requirements & Declaring Secret Patterns
01:20 – Creating the Staged Files Function
05:00 – Building the scan_file() Logic
08:05 – Writing the main() Function & Exit Logic
12:01 – Adding Script to Git Hooks (pre-commit)
14:00 – Final Working Demo (Commit Blocked in Action)

Get the patterns code to copy paste: https://github.com/TheDevOpsRite/Bash-Script/tree/main

Explore the channel and find my website for more content: https://devopsrite.vercel.app/

🔒 Why This Matters

Public repositories are constantly scanned for exposed credentials. A simple mistake can lead to:

• Cloud bill explosions
• Production database exposure
• API abuse
• Security breaches

This lightweight Git hook prevents the mistake before it happens.

If you found this useful, subscribe to TheDevOpsRite for more practical DevOps automation, security tools, and real-world engineering breakdowns.
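The steps listed in the description (declare patterns, list staged files, scan each one, exit non-zero to block the commit), as an added example; this is not the code from the video or its repository. The regex patterns, the helper names staged_files() and staged_content(), and the choice to scan the staged blob rather than the working-tree file are assumptions; only scan_file() and main() are names taken from the timestamps.

```python
#!/usr/bin/env python3
"""Added example: pre-commit secret scanner. Patterns are illustrative assumptions."""
import re
import subprocess
import sys

# Assumed patterns for the secret types the description lists; tune per codebase.
PATTERNS = {
    "AWS access key": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "Private key": re.compile(r"-----BEGIN (?:[A-Z]+ )*PRIVATE KEY-----"),
    "JWT": re.compile(r"\beyJ[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,}"),
    "MongoDB URI": re.compile(r"mongodb(?:\+srv)?://[^\s:/@]+:[^\s@]+@"),
    "Hardcoded password": re.compile(
        r"(?i)(?:password|passwd|pwd)\s*[:=]\s*['\"][^'\"]{4,}['\"]"),
}

def staged_files():
    """Paths added, copied or modified in the index (deleted files are skipped)."""
    out = subprocess.run(
        ["git", "diff", "--cached", "--name-only", "-z", "--diff-filter=ACM"],
        check=True, capture_output=True).stdout
    return [p.decode("utf-8", "surrogateescape") for p in out.split(b"\0") if p]

def staged_content(path):
    """Text of the staged blob (what will be committed); None if it looks binary."""
    blob = subprocess.run(["git", "show", f":{path}"],
                          check=True, capture_output=True).stdout
    return None if b"\0" in blob[:8000] else blob.decode("utf-8", "replace")

def scan_file(path, text):
    """Return (path, line_no, label) per match; the matched secret is never echoed."""
    return [(path, no, label)
            for no, line in enumerate(text.splitlines(), 1)
            for label, rx in PATTERNS.items() if rx.search(line)]

def main():
    findings = []
    for path in staged_files():
        text = staged_content(path)
        if text is not None:
            findings += scan_file(path, text)
    for path, no, label in findings:
        print(f"{path}:{no}: possible {label}", file=sys.stderr)
    return 1 if findings else 0  # a non-zero exit status makes Git abort the commit

if __name__ == "__main__":
    sys.exit(main())
```

To use it, save the script as .git/hooks/pre-commit and mark it executable. Hooks in .git/hooks are local to each clone and can be skipped with git commit --no-verify, so pair the hook with server-side or CI scanning.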
