Security
Jonathan Artback edited this page Jan 4, 2026 · 1 revision
gitai is designed with security in mind.
Before sending any git diff to an AI provider, gitai scans the content locally for sensitive patterns. This prevents accidental leakage of API keys, passwords, or private tokens to third-party LLMs.
- Gitai fetches the diff.
- It compares the added lines against a list of blocked keywords.
- If a match is found, the process aborts immediately with a warning, showing exactly what matched.
- No network request is made.
The built-in blocklist includes common sensitive terms:
- api_key, apikey, secret, token
- password, passwd, pwd
- private_key, auth_token, access_token, client_secret
- ...and more.
You can extend this list in your config file or via environment variables.

Via Config (gitai.yaml):

```yaml
security:
  keywords:
    - "stripe_live_key"
    - "internal_auth_header"
```

Via Environment Variable:

```bash
export GITAI_SENSITIVE_KEYWORDS="stripe_live_key,internal_auth_header"
```
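The scan described above, as an added Python example (not gitai's own code): it takes only the `+` lines of a unified diff, merges the built-in terms with keywords from the config and from `GITAI_SENSITIVE_KEYWORDS`, and reports the line and term that matched, which is the point at which the real tool aborts before any provider request. The sample diff and the matching rule (case-insensitive substring) are assumptions.

```python
import os

# Built-in blocklist: the terms the page lists (the project's real list is longer).
DEFAULT_KEYWORDS = [
    "api_key", "apikey", "secret", "token", "password", "passwd", "pwd",
    "private_key", "auth_token", "access_token", "client_secret",
]

def load_keywords(config_keywords=None, env=None):
    """Merge built-ins, gitai.yaml security.keywords and GITAI_SENSITIVE_KEYWORDS."""
    env = os.environ if env is None else env
    extra = [k.strip() for k in env.get("GITAI_SENSITIVE_KEYWORDS", "").split(",")]
    merged = DEFAULT_KEYWORDS + list(config_keywords or []) + [k for k in extra if k]
    return list(dict.fromkeys(k.lower() for k in merged))  # lowercase, de-duplicated

def added_lines(diff_text):
    """Yield (new-file line number, text) for each '+' line of a unified diff."""
    lineno = 0
    for raw in diff_text.splitlines():
        if raw.startswith("@@"):            # hunk header: "@@ -a,b +c,d @@"
            lineno = int(raw.split()[2].lstrip("+").split(",")[0])
        elif raw.startswith(("+++ ", "--- ")):
            continue                         # file headers, not content
        elif raw.startswith("+"):
            yield lineno, raw[1:]
            lineno += 1
        elif raw.startswith(" "):           # unchanged context line
            lineno += 1

def scan_diff(diff_text, keywords):
    """Return [(line_no, keyword, text)] for added lines that hit the blocklist."""
    hits = []
    for n, text in added_lines(diff_text):
        kw = next((k for k in keywords if k in text.lower()), None)
        if kw:
            hits.append((n, kw, text))
    return hits

# Constructed sample diff with a leaked key on one added line (assumed input).
SAMPLE_DIFF = """\
--- a/config.py
+++ b/config.py
@@ -1,3 +1,5 @@
 import os
-DEBUG = False
+DEBUG = True
+STRIPE_LIVE_KEY = "sk_live_EXAMPLE"
+API_KEY = os.environ["X"]
 print("ok")
"""

if __name__ == "__main__":  # any hit means abort: no request to the provider is made
    kws = load_keywords(["internal_auth_header"], {"GITAI_SENSITIVE_KEYWORDS": "stripe_live_key"})
    print(scan_diff(SAMPLE_DIFF, kws))
```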
- Ollama (Recommended for Privacy): If you run `gitai` with the `ollama` provider, everything happens on your local machine. Your code never leaves your computer.
- Third-Party APIs (GPT, Gemini): When using these providers, the diff of your staged changes is sent to their servers.
- Do not include secrets in your commits (the scanner helps, but isn't foolproof).
- Be aware of the data retention policies of the AI provider you choose.