diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index eab8f02..18ed673 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -53,3 +53,9 @@ repos:
       entry: cargo-deny
       args: ['check']
       pass_filenames: false
+    - id: trufflehog
+      name: TruffleHog
+      description: Detect secrets in your data.
+      entry: bash -c 'podman run -v "$(pwd):/workdir" --rm docker.io/trufflesecurity/trufflehog:latest git file:///workdir'
+      language: system
+      stages: ["commit", "push"]