Secrets protection

Blocks tool inputs that contain credentials and redacts secrets from tool outputs before they reach the model, using whichever of gitleaks, betterleaks, trufflehog, or detect-secrets is installed (gitleaks recommended). Without a scanner installed, scanning is skipped and a session-start warning explains how to enable it.

.claude/fencepost.yaml
import:
  - secrets

Full preset

presets/secrets.yaml
# Fencepost preset: secrets

meta:
  title: Secrets protection
  description: >-
    Blocks tool inputs that contain credentials and redacts secrets from tool
    outputs before they reach the model, using whichever of gitleaks,
    betterleaks, trufflehog, or detect-secrets is installed (gitleaks
    recommended). Without a scanner installed, scanning is skipped and a
    session-start warning explains how to enable it.

secrets:
  enabled: true

Full preset​

Full preset