diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index f858145..70f2a09 100755
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -1,18 +1,19 @@
 repos:
 - repo: local
 hooks:
- # Run the formatter.
- - id: ruff-format
- name: ruff-format
- description: "Run 'ruff format' for extremely fast Python formatting"
- entry: ruff format
- language: python
- types_or: [python, pyi]
- # Run the linter.
+ # Run the ruff linter and formatter using just command
 - id: ruff
 name: ruff
- description: "Run 'ruff' for extremely fast Python linting"
- entry: ruff check
- args: [ --fix ] # Enable lint fixes.
- language: python
- types_or: [python, pyi]
\ No newline at end of file
+ description: "Format Python code using ruff format via just command"
+ entry: just format
+ language: system
+ types_or: [python, pyi]
+ pass_filenames: false
+
+ # Check for secrets
+ - id: trufflehog
+ name: TruffleHog
+ description: Detect secrets in your data.
+ entry: bash -c "trufflehog git file://. --since-commit HEAD --only-verified --fail"
+ language: system
+ stages: ["commit", "push"]
\ No newline at end of file
diff --git a/README.md b/README.md
index 656091b..e147182 100644
--- a/README.md
+++ b/README.md
@@ -63,6 +63,10 @@ With the truth threshold set to `1.0` by default, deterministic methodologies ar
 This project is managed by [uv](https://docs.astral.sh/uv/), linted and formated with [ruff](https://docs.astral.sh/ruff/), and tested with [pytest](https://docs.pytest.org/en/stable/).
+Secret scanning is done with [trufflehog](https://github.com/trufflesecurity/trufflehog).
+
+For security, use of [pre-commit](https://pre-commit.com) is expected. Ensure your hooks are installed with `pre-commit install`.
+
 Task running is done with [just](https://just.systems/man/en/). To see all available commands:
 ```console
diff --git a/justfile b/justfile
index eb86e9c..e9b74b1 100644
--- a/justfile
+++ b/justfile
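Review bot: The `trufflehog` hook only blocks a commit for secrets TruffleHog can verify live, because its `entry` passes `--only-verified`; a credential it cannot verify (no network at commit time, or a key for an internal service) passes the hook silently. If the installed TruffleHog supports `--results`, consider `entry: bash -c "trufflehog git file://. --since-commit HEAD --results=verified,unknown --fail"` so unknown results fail as well; the `scan` recipe added to the justfile uses the same filter. The hook also declares `stages: ["commit", "push"]`, but the `pre-commit install` command given in the README installs only the pre-commit hook type by default, so the push stage will not run unless the config adds `default_install_hook_types: [pre-commit, pre-push]` (recent pre-commit releases also name these stages `pre-commit` and `pre-push`). Adding `pass_filenames: false`, as the `ruff` hook does, would stop pre-commit appending staged paths to the `bash -c` command. With `language: system`, the `trufflehog` and `just` versions are whatever is on each contributor's PATH, which is worth stating in a comment above the hook.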
@@ -12,6 +12,10 @@ format:
 uv run ruff format .
 uv run ruff check . --fix
+# Scan for secrets
+scan:
+ trufflehog git file://. --only-verified
+
 # Run Python tests
 test:
 docker compose up -d --wait
diff --git a/uv.lock b/uv.lock
index c088139..1ac2ac5 100644
--- a/uv.lock
+++ b/uv.lock
@@ -909,7 +909,7 @@ wheels = [
 [[package]]
 name = "matchbox"
-version = "0.1.0"
+version = "0.2.0"
 source = { editable = "." }
 dependencies = [
 { name = "altair" },
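Review bot: The `scan` recipe runs `trufflehog git file://. --only-verified` without `--fail`, so it exits 0 even when it reports a secret and cannot gate CI or a release script that calls `just scan`. Suggest `trufflehog git file://. --only-verified --fail`, which matches the pre-commit hook's entry in this commit. Unlike the `uv run` lines of the `format` recipe visible in the context, `trufflehog` is invoked straight from PATH, so the recipe comment could say so, e.g. `# Scan git history for secrets (requires trufflehog on PATH)`.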