This zsh plugin helps ensure that secrets do not persist in your zsh history. It checks the .zsh_history
file every 60 seconds for potential secrets using Gitleaks
. If any are found, the respective lines are purged from the history and logged.
- Gitleaks: This tool is used to scan the zsh history for potential secrets.
- jq: A lightweight and flexible command-line JSON processor.
Please follow the official installation guide for Gitleaks from here.
Please follow the official installation guide for jq from here.
- Clone this repository:
git clone https://github.com/jotasixto/purge-history-secrets.git ~/.oh-my-zsh/custom/plugins/purge-history-secrets
- Add the plugin to the list of plugins in your
~/.zshrc
:
plugins=(... purge-history-secrets)
- Reload your zsh configuration:
source ~/.zshrc
Once the plugin is enabled:
- Every 60 seconds, the plugin checks the
.zsh_history
file for potential secrets using Gitleaks. - If potential secrets are detected, the respective lines are deleted from the
.zsh_history
file. - A log of all purged lines is maintained in
~/.purge-secrets-zshhistory.log
, with timestamps indicating when each line was purged.