diff --git a/.gitguardian.yaml b/.gitguardian.yaml
new file mode 100644
index 000000000..2dbdb036d
--- /dev/null
+++ b/.gitguardian.yaml
@@ -0,0 +1,5 @@
+secret:
+  ignored-matches:
+    - match: d1585b49ffa864bfb76b2432b26933a866c3cf621a9d5dd41690c1568edd85ed
+      name: Generic High Entropy Secret - charts/pocket/templates/configmap-genesis.yaml
+version: 2
diff --git a/.gitignore b/.gitignore
index 147c70bec..d049b2729 100644
--- a/.gitignore
+++ b/.gitignore
@@ -87,3 +87,6 @@ tools/wiki
 
 # ignore highest precedence config file read by default
 /config.json
+
+# ggshield
+.cache_ggshield
diff --git a/Makefile b/Makefile
index fff096aef..a88a4b943 100644
--- a/Makefile
+++ b/Makefile
@@ -573,3 +573,11 @@ search_interfaces: ## Greps and outputs all of the structs in the project (exclu
 .PHONY: search_protos
 search_protos: ## Finds all of the proto files in the project (excluding vendor)
 	find . -name "*.proto" -not -path "./vendor/*"
+
+.PHONY: ggshield_secrets_scan
+ggshield_secrets_scan: ## Scans the project for secrets using ggshield
+	ggshield secret scan path --recursive .
+
+.PHONY: ggshield_secrets_add
+ggshield_secrets_add: ## A helper that adds the last results from `make ggshield_secrets_scan`, store in `.cache_ggshield` to `.gitguardian.yaml`. See `ggshield for more configuratiosn`
+	ggshield secret ignore --last-found
\ No newline at end of file