diff --git a/.gitleaks.toml b/.gitleaks.toml
new file mode 100644
index 0000000..fc3e65f
--- /dev/null
+++ b/.gitleaks.toml
@@ -0,0 +1,19 @@
+title = "Gitleaks Configuration"
+
+[extend]
+useDefault = true
+
+[[allowlists]]
+description = "Allowlisted files"
+paths = [
+  'package-lock.json',
+  'backend/package-lock.json'
+]
+
+[[allowlists]]
+description = "Test secrets"
+regexes = [
+  'test.*password',
+  'test.*secret',
+  'test.*token'
+]