[baublet]

Oh neat. It seems useful to manage this through a CLI tool! I wonder if something like this can build in protections for common dot file mistakes like accidentally committing API keys in one’s dot files?

Nice idea!

[mksybr]

You can put something like detect-secrets[1] in a commit hook.

  no_secrets=$(git diff --staged --name-only -z | xargs -0 detect-secrets-hook --baseline .secrets.baseline)
  test -z $no_secrets && exit $no_secrets

1: https://github.com/Yelp/detect-secrets