A pre-commit hook to prevent uploading secrets (API keys) by accident

pre-commit

#!/bin/bash
#
# A pre-commit hook to prevent uploading secrets (API keys) by accident

read -r -d "" SECRETS <<"EOF"
YOUR_API_KEY
SECRET2
EOF

# find changed files
changed_files=$(git diff --cached --name-only --diff-filter=ACM)

# loop through each file
while IFS= read -r file; do
    # check for each secret
    while IFS= read -r secret; do
        line_number=$(grep -n "$secret" "$file" | cut -d : -f 1)
        if [ ! -z "$line_number" ]; then
            echo "Found $secret in $file:$line_number"
            exit 1
        fi
    done <<< "$SECRETS"
done <<< "$changed_files"