Before pushing local code to a Git repository, whether it is publicly available or not, it is helpful to keep a shell script such as the following in this file:
.git/hooks/pre-push-check.sh
#!/usr/bin/env bash
# === Terraform Pre-Push Security Check ===
echo "🔍 Running pre-push security scan..."
# Define suspicious patterns (extended regex, case-sensitive)
PATTERNS="AWS_SECRET|AWS_ACCESS|PRIVATE_KEY|BEGIN RSA|password|secret|token"
# Scan all tracked Terraform-related files. NUL-separated paths survive spaces,
# and xargs -r skips grep entirely when no such files are tracked (otherwise
# grep would wait on stdin).
HITS=$(git ls-files -z -- '*.tf' '*.tfvars' '*.sh' '*.md' \
  | xargs -0 -r grep -E -Hn -- "$PATTERNS")
# Search for suspicious text
if [ -n "$HITS" ]; then
  printf '%s\n' "$HITS"
  echo "🚨 Potential secret detected! Push aborted."
  exit 1
else
  echo "✅ No secrets detected — safe to push."
fi
Note that Git only runs a hook automatically when it is named exactly .git/hooks/pre-push (no extension) and is executable; under the file name above you run it by hand before committing, like this:
bash .git/hooks/pre-push-check.sh
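The script above flags any line containing the keywords, so a Terraform file that merely declares `variable "db_password"` or passes `var.db_password` trips it as readily as a hard-coded value does. The following is an added example, not part of the original post: a scan_secrets function that keeps the post's keywords, adds value-shaped patterns (the AWS access key ID format, PEM private-key headers) and suppresses lines that only declare or reference a sensitive variable. The pattern sets, the allow-list and the sample files are assumptions constructed for this example.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): stricter secret scan for
# Terraform files. Keyword patterns from the post plus value-shaped ones.
SECRET_PATTERNS='AWS_SECRET|AWS_ACCESS|PRIVATE_KEY|BEGIN (RSA |EC |OPENSSH )?PRIVATE KEY|[Pp]assword|[Ss]ecret|[Tt]oken|AKIA[0-9A-Z]{16}'
# Lines that declare or reference a sensitive variable rather than hold a
# literal value (matched after grep's "N:" line-number prefix). Assumed set.
ALLOW_PATTERNS='^[0-9]+:[[:space:]]*(variable|output)[[:space:]]+"|^[0-9]+:[[:space:]]*sensitive[[:space:]]*=|=[[:space:]]*var\.[A-Za-z0-9_]+[[:space:]]*$'

# scan_secrets FILE...  prints "file:line:text" for every hit; returns 1 if
# anything was found and 0 if all files are clean. Assumes no '|' in paths.
scan_secrets() {
  local hits=0 f out
  for f in "$@"; do
    [ -f "$f" ] || continue
    out=$(grep -E -n -- "$SECRET_PATTERNS" "$f" | grep -E -v -- "$ALLOW_PATTERNS")
    if [ -n "$out" ]; then
      printf '%s\n' "$out" | sed "s|^|$f:|"
      hits=1
    fi
  done
  return "$hits"
}

# make_samples DIR  writes two constructed sample files into DIR:
# a clean variables.tf and a leak.tfvars with hard-coded credentials.
make_samples() {
  mkdir -p "$1"
  cat >"$1/variables.tf" <<'EOF'
variable "db_password" {
  type      = string
  sensitive = true
}
resource "aws_db_instance" "db" {
  password = var.db_password
}
EOF
  cat >"$1/leak.tfvars" <<'EOF'
region      = "us-east-1"
access_key  = "AKIAEXAMPLE0000ABCD0"
db_password = "hunter2-constructed-sample"
EOF
}

# Demo on the constructed samples (the temp dir is removed afterwards).
tmp=$(mktemp -d)
make_samples "$tmp"
scan_secrets "$tmp/variables.tf" && echo "variables.tf: clean"
scan_secrets "$tmp/leak.tfvars" || echo "leak.tfvars: secrets found, push would be aborted"
rm -rf "$tmp"
```

The declaration in variables.tf passes while both hard-coded values in leak.tfvars are reported, which is the distinction the plain keyword grep cannot make.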