detect-secrets is a security tool that scans source code repositories to identify and prevent sensitive information from being committed to version control systems. The tool operates as a pre-commit hook and integrates into development workflows to automatically examine code before commits occur. The tool uses pattern matching and heuristic analysis to detect various types of secrets including API keys, database credentials, passwords, AWS credentials, private keys, and database connection strings. It supports multiple programming languages and can be configured with custom patterns to identify organization-specific sensitive data. detect-secrets generates baseline files that track known secrets and exclude them from future scans, allowing development teams to manage existing secrets while preventing new ones from being introduced. The tool provides audit capabilities that enable users to review detected secrets and classify them as legitimate findings or false positives. The tool offers command-line interface functionality and can be integrated into continuous integration pipelines. It includes configurable rules to minimize false positives and maintain accuracy across different development projects and environments.