diff --git a/README.md b/README.md
index 7a834ff3..6b585663 100644
--- a/README.md
+++ b/README.md
@@ -308,6 +308,7 @@ use nix
 - [commitizen](https://github.com/commitizen-tools/commitizen)
 - [convco](https://github.com/convco/convco)
 - [forbid-new-submodules](https://github.com/pre-commit/pre-commit-hooks/blob/main/pre_commit_hooks/forbid_new_submodules.py)
+- [gitleaks](https://github.com/gitleaks/gitleaks)
 - [gitlint](https://github.com/jorisroovers/gitlint)
 - [gptcommit](https://github.com/zurawiki/gptcommit)
 - [no-commit-to-branch](https://github.com/pre-commit/pre-commit-hooks/blob/main/pre_commit_hooks/no_commit_to_branch.py)
diff --git a/modules/hooks.nix b/modules/hooks.nix
index 8efaf3db..fc1171bb 100644
--- a/modules/hooks.nix
+++ b/modules/hooks.nix
@@ -2929,6 +2929,14 @@ lib.escapeShellArgs (lib.concatMap (ext: [ "--ghc-opt" "-X${ext}" ]) hooks.fourm
         package = tools.fprettify;
         entry = "${hooks.fprettify.package}/bin/fprettify";
       };
+      gitleaks = {
+        name = "gitleaks";
+        description = "Find secrets with Gitleaks";
+        entry = lib.getExe tools.gitleaks;
+        args = [ "git" "-v" ];
+        always_run = true;
+        stages = [ "post-commit" ];
+      };
       gitlint = {
         name = "gitlint";
         description = "Linting for your git commit messages";
diff --git a/nix/tools.nix b/nix/tools.nix
index 50890dfd..cb28f051 100644
--- a/nix/tools.nix
+++ b/nix/tools.nix
@@ -35,6 +35,7 @@
 , flake-checker ? null
 , fprettify
 , git-annex
+, gitleaks
 , gitlint
 , gptcommit ? null
 , hadolint
@@ -143,6 +144,7 @@ in
     elixir
     flake-checker
     fprettify
+    gitleaks
     gitlint
     go
     go-tools