This zsh plugin helps ensure that secrets do not persist in your zsh history. It checks the .zsh_history file every 60 seconds for potential secrets using Gitleaks. If any are found, the respective lines are purged from the history and logged.
- Gitleaks: This tool is used to scan the zsh history for potential secrets.
- jq: A lightweight and flexible command-line JSON processor.
Please follow the official installation guide for Gitleaks from here.
Please follow the official installation guide for jq from here.
- Clone this repository:
git clone https://github.com/jotasixto/purge-history-secrets.git ~/.oh-my-zsh/custom/plugins/purge-history-secrets- Add the plugin to the list of plugins in your
~/.zshrc:
plugins=(... purge-history-secrets)- Reload your zsh configuration:
source ~/.zshrcOnce the plugin is enabled:
- Every 60 seconds, the plugin checks the
.zsh_historyfile for potential secrets using Gitleaks. - If potential secrets are detected, the respective lines are deleted from the
.zsh_historyfile. - A log of all purged lines is maintained in
~/.purge-secrets-zshhistory.log, with timestamps indicating when each line was purged.