Skip to main content

ggshield secret ignore


The secret ignore command instructs ggshield to ignore secrets it finds during a scan. This command needs to be used with an option to determine what secrets it should ignore. For now, it only handles the --last-found option that ignores all the secrets found by the last run scan command.

Every time the command is run, it adds the secrets to a global list of secrets it should ignore, available in your .gitguardian.yaml file under matches-ignore:.

ggshield secret ignore

Under the hood, these secrets are added to the matches-ignore section of your local configuration file (if no local configuration file is found, a .gitguardian.yaml file is created).


  • --last-found: ignore all secrets found by last run scan

ggshield global options#

  • -h, --help: display detailed help

See also#

Warning: Using this command will discard any comments present in the config file.

Note: ggshield does not share its ignored secrets with the dashboard. Therefore, if you have integrated a repository in the dashboard and are using ggshield on this same repository:

  • a secret ignored on ggshield will still show as a potential incident on your GitGuardian dashboard.
  • a secret ignored on the dashboard will be ignored by ggshield.