diff --git a/.github/workflows/secret_scanning.yml b/.github/workflows/secret_scanning.yml
new file mode 100644
index 0000000..d73b4db
--- /dev/null
+++ b/.github/workflows/secret_scanning.yml
@@ -0,0 +1,10 @@
+name: "Secret Scanning"
+on:
+  push:
+
+jobs:
+  check_commits:
+    uses: trufflesecurity/trufflehog@main
+    with:
+      extra_args: --results=verified,unknown
+
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
new file mode 100644
index 0000000..6755b23
--- /dev/null
+++ b/.pre-commit-config.yaml
@@ -0,0 +1,14 @@
+repos:
+- repo: https://github.com/pre-commit/pre-commit-hooks
+  rev: "v5.0.0"
+  hooks:
+  - id: no-commit-to-branch
+- repo: https://github.com/trufflesecurity/trufflehog.git
+  rev: "v3.84.2"
+  hooks:
+  - id: trufflehog
+    name: TruffleHog
+    description: Detect secrets in your data.
+    entry: bash -c 'trufflehog git file://. --since-commit HEAD --only-verified --fail --no-update'
+    language: system
+    stages: ["pre-commit", "pre-push"]