diff --git a/.gitguardian.yml b/.gitguardian.yml
index fc3f2171e..483245deb 100644
--- a/.gitguardian.yml
+++ b/.gitguardian.yml
@@ -1,3 +1,7 @@
-matches-ignore:
-  - name: MIXPANEL_TOKEN
-    match: acd87c5a50b56df91a795e999812a3a4
+secret:
+  ignored-paths:
+    - 'packages/server/modules/emails/tests'
+  ignored-matches:
+    - match: acd87c5a50b56df91a795e999812a3a4
+      name: 'packages/frontend/src/bootstrapper.ts - mixpanel token'
+version: 2
diff --git a/.gitignore b/.gitignore
index c20bb5f8a..20ed4169c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -54,3 +54,6 @@ packages/server/.vscode/*.log
 # ST workspace files
 ./speckle.sublime-project
 ./speckle.sublime-workspace
+
+# GitGuardian
+.cache_ggshield
diff --git a/.husky/pre-commit b/.husky/pre-commit
index 8cddd4ca6..b9acddca1 100755
--- a/.husky/pre-commit
+++ b/.husky/pre-commit
@@ -26,7 +26,13 @@ check_dependencies_available() {
   done
 }
 
-check_dependencies_available pre-commit hadolint helm shellcheck 
+additional_dependencies=""
+if [ -z "${CI}" ]; then
+  additional_dependencies=" ggshield"
+fi
+
+# shellcheck disable=SC2086
+check_dependencies_available pre-commit hadolint helm shellcheck circleci${additional_dependencies}
 
 echo "All systems functional, running additional pre-commit checks..."
 pre-commit run --all-files
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 1b743d9c9..46eed58a3 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -21,5 +21,10 @@ repos:
     hooks:
       - id: circleci-config-validate
 
+  - repo: https://github.com/specklesystems/pre-commit
+    rev: '0.2.0'
+    hooks:
+      - id: ggshield-not-ci
+
 ci:
   autoupdate_schedule: quarterly
diff --git a/README.md b/README.md
index e8f1080df..4711d20ed 100644
--- a/README.md
+++ b/README.md
@@ -141,8 +141,11 @@ When committing to git, an automated script will run. This will check that your
   - [`hadolint`](https://github.com/hadolint/hadolint#install)
   - [`shellcheck`](https://github.com/koalaman/shellcheck#installing)
   - [`helm`](https://helm.sh/docs/intro/install/)
+  - [`circleci`](https://circleci.com/docs/local-cli)
+  - [`ggshield`](https://github.com/GitGuardian/ggshield#installation)
 - Please note that these additional checks will be run by Speckle's automated CI environment and non-conformances, if any, may prevent your Pull Request from being merged.
 - Please use the name of the package as the scope of your commit.
+- Note that `ggshield` requires you to [register an account](https://dashboard.gitguardian.com/auth/signup) and then [authorise with GitGuardian](https://github.com/GitGuardian/ggshield#initial-setup) before it can be used: `ggshield auth login`
 
 ### Security