diff --git a/.gitleaksignore b/.gitleaksignore
new file mode 100644
index 0000000..b20dfb8
--- /dev/null
+++ b/.gitleaksignore
@@ -0,0 +1,4 @@
+# False positives - documentation examples with placeholder credentials
+053e909940b7b5370e855b9bf5236f04d8bdd451:QUICKSTART.md:curl-auth-user:197
+b8b8da13d3c62c597d4029c23ed1a0ae7073e561:REMOTE_SERVER.md:curl-auth-header:61
+b8b8da13d3c62c597d4029c23ed1a0ae7073e561:REMOTE_SERVER.md:curl-auth-header:358
diff --git a/Makefile b/Makefile
index 3b3aaec..55a1c84 100644
--- a/Makefile
+++ b/Makefile
@@ -4,12 +4,13 @@
 BINARY_NAME := edge-connect-mcp
 GO := go
 GOLANGCI_LINT := $(GO) run github.com/golangci/golangci-lint/v2/cmd/golangci-lint@v2.6.2
+GITLEAKS := $(GO) run github.com/zricethezav/gitleaks/v8@v8.30.0
 
 # Build flags
 LDFLAGS := -s -w
 BUILD_FLAGS := -ldflags "$(LDFLAGS)"
 
-.PHONY: all build clean fmt format lint test run help vet tidy install-hooks
+.PHONY: all build clean fmt format lint gitleaks test run help vet tidy install-hooks
 
 # Default target
 all: fmt vet lint build
@@ -36,6 +37,12 @@ vet: ## Run go vet
 lint: ## Run golangci-lint
 	$(GOLANGCI_LINT) run ./...
 
+gitleaks: ## Check for secrets in git history
+	$(GITLEAKS) git --staged
+
+gitleaks-all: ## Check for secrets in git history
+	$(GITLEAKS) git .
+
 ## Dependency management
 
 tidy: ## Tidy go modules
diff --git a/go.mod b/go.mod
index 02dfea9..e6d6a60 100644
--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,6 @@
 module edp.buildth.ing/DevFW-CICD/edge-connect-mcp
 
-go 1.25.3
+go 1.25.5
 
 require (
 	edp.buildth.ing/DevFW-CICD/edge-connect-client/v2 v2.1.2
diff --git a/scripts/hooks/pre-commit b/scripts/hooks/pre-commit
index 4beba3f..a522e31 100755
--- a/scripts/hooks/pre-commit
+++ b/scripts/hooks/pre-commit
@@ -21,4 +21,8 @@ fi
 echo "Running linter..."
 make lint
 
+# Check for secrets with gitleaks
+echo "Checking for secrets..."
+make gitleaks --staged
+
 echo "Pre-commit checks passed!"