#!/usr/bin/env sh

# Scan staged changes for accidentally-committed secrets.
# Bypass with `git commit --no-verify` only if you are certain the staged changes contain no secrets.

# Pre-commit gate: run gitleaks over the staged changes, or refuse the commit
# with install instructions when the tool is missing. The script's exit status
# is that of the branch taken, and git aborts the commit on any non-zero status.
#
# NOTE(review): this is a client-side check that `--no-verify` skips, so it
# should be backed by the same scan in CI or a server-side hook. The rules file
# (.gitleaks.toml) lives in the repository, so changes to its allowlist deserve
# the same review as code.
if command -v gitleaks >/dev/null 2>&1; then
  # --staged     : inspect only what is about to be committed
  # --redact     : keep matched secret values out of the terminal output
  # --no-banner  : suppress the startup banner
  # --config     : relative path, resolved against the current directory; git
  #                runs hooks from the work-tree root, so this is the
  #                repo-level .gitleaks.toml (confirm if a hook manager changes
  #                the working directory)
  # NOTE(review): newer gitleaks releases deprecate `protect`; confirm the
  # subcommand against the version the team installs.
  gitleaks protect --staged --redact --no-banner --config .gitleaks.toml
else
  # Tool not on PATH: explain on stderr and block the commit instead of
  # letting it through unscanned.
  cat >&2 <<'EOF'
[pre-commit] gitleaks is not installed.

Install it once:
  macOS:   brew install gitleaks
  Linux:   https://github.com/gitleaks/gitleaks#installing
  Other:   https://github.com/gitleaks/gitleaks/releases

Then re-run your commit. To bypass this check (e.g., on a machine where you
can't install gitleaks), commit with --no-verify, but please add gitleaks
back as soon as you can.
EOF
  exit 1
fi
