diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 98a5da19..d78e340f 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -94,3 +94,12 @@ repos:
         pass_filenames: false
         args: [--warnings]
         additional_dependencies: ["pyright@1.1.256"]
+  - repo: https://github.com/trufflesecurity/trufflehog.git
+    rev: v3.40.0
+    hooks:
+      - id: trufflehog
+        name: secret scan
+        entry: trufflehog filesystem ./
+        args:
+          - --only-verified
+          - --fail