From f207311033e281df9775d669b38684a372fde8ad Mon Sep 17 00:00:00 2001
From: Anthony Brown <anthony.brown8@nhs.net>
Date: Fri, 17 Apr 2026 10:14:23 +0000
Subject: [PATCH] add gitleaks

---
 .gitallowed             | 23 -----------------------
 .pre-commit-config.yaml |  8 ++++----
 2 files changed, 4 insertions(+), 27 deletions(-)
 delete mode 100644 .gitallowed

diff --git a/.gitallowed b/.gitallowed
deleted file mode 100644
index 93b46849..00000000
--- a/.gitallowed
+++ /dev/null
@@ -1,23 +0,0 @@
-token: ?"?\$\{\{\s*secrets\.GITHUB_TOKEN\s*\}\}"?
-github-token: ?"?\$\{\{\s*secrets\.GITHUB_TOKEN\s*\}\}"?
-token: ?"?\$\{\{\s*secrets\.DEPENDABOT_TOKEN\s*\}\}"?
-id-token: write
---token=\$\{\{\s*steps\.generate-token\.outputs\.token\s*\}\}
---token=\$GITHUB-TOKEN
---token="\$GITHUB-TOKEN"
-.*Gemfile\.lock.*
-.*\.gitallowed.*
-.*nhsd-rules-deny.txt.*
-.*\.venv.*
-.*node_modules.*
-.:src/resources/clinical_content_view.*root=*
-.:src/resources/clinical_content_view.*codeSystem=*
-.:src/resources/prescription_search.*root=*
-.:src/live-spine-client.*root=*
-0ba20a521167058a74f3b6e65c42d732054e5753:docs.*
-0ba20a521167058a74f3b6e65c42d732054e5753:scripts/.*
-root=\"1\.2
-root=\"2\.1
-codeSystem=\"1\.
-codeSystem=\"2\.
-2\.16\.840\.1
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 03eaebb4..49d48888 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -70,13 +70,13 @@ repos:
         pass_filenames: false
         always_run: true
 
-      - id: git-secrets
-        name: Git Secrets
-        description: git-secrets scans commits, commit messages, and --no-ff merges to prevent adding secrets into your git repositories.
+      - id: gitleaks
+        name: Git Leaks
+        description: gitleaks scans commits, commit messages, and --no-ff merges to prevent adding secrets into your git repositories.
         entry: bash
         args:
           - -c
-          - 'git-secrets --pre_commit_hook'
+          - "gitleaks git --pre-commit --redact --staged --verbose"
         language: system
 fail_fast: true
 default_stages: [pre-commit]