diff --git a/.gitguardian.yaml b/.gitguardian.yaml
new file mode 100644
index 0000000000..c418cc9071
--- /dev/null
+++ b/.gitguardian.yaml
@@ -0,0 +1,30 @@
+version: 2
+
+# Set to true if the desired exit code for the CLI is always 0,
+# otherwise the exit code will be 1 if incidents are found
+# the environment variable GITGUARDIAN_EXIT_ZERO=true can also be used toggle this behavior.
+exit-zero: false # default: false
+
+verbose: false # default: false
+
+instance: https://api.gitguardian.com/
+
+# Maximum commits to scan in a hook.
+max-commits-for-hook: 50 # default: 50
+
+# Accept self-signed certificates for the API.
+allow-self-signed: false # default: False
+
+secret:
+ show-secrets: false # default: false
+
+ # Exclude files and paths by globbing
+ ignored-paths:
+ - '**/README.md'
+ - 'doc/*'
+ - 'LICENSE'
+ - '**/examples/cactus-example-carbon-accounting-backend/example-config.json'
+
+ # Detectors to ignore.
+ ignored-detectors: # default: []
+ - Generic Password
\ No newline at end of file
diff --git a/.github/workflows/gg-shield-action.yaml b/.github/workflows/gg-shield-action.yaml
new file mode 100644
index 0000000000..f1b1d5001f
--- /dev/null
+++ b/.github/workflows/gg-shield-action.yaml
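Review bot: In `.gitguardian.yaml`, the `ignored-detectors` entry `Generic Password` switches that detector off for the whole repository, and the `ignored-paths` globs `**/README.md` and `doc/*` take all documentation out of the scan, although docs are a place where pasted credentials tend to end up. Nothing in the file records why either exclusion is needed. If the aim is to silence known false positives, narrower entries under `secret.ignored-matches` for the specific findings would keep the detector active everywhere else. At minimum I would add a comment above the list such as `# Generic Password: false positives in <path>, revisit once triaged`.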
@@ -0,0 +1,34 @@
+name: GitGuardian scan
+
+on:
+ push:
+ pull_request:
+ # Publish `main` as Docker `latest` image.
+ branches:
+ - main
+
+ # Publish `v1.2.3` tags as releases.
+ tags:
+ - v*
+
+jobs:
+ scanning:
+ name: GitGuardian scan
+ runs-on: ubuntu-20.04
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v2.4.0
+ with:
+ fetch-depth: 0 # fetch all history so multiple commits can be scanned
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ - name: GitGuardian scan
+ uses: GitGuardian/ggshield-action@v1.14.4
+ with:
+ args: --show-secrets --exit-zero --all-policies --verbose
+ env:
+ GITHUB_PUSH_BEFORE_SHA: ${{ github.event.before }}
+ GITHUB_PUSH_BASE_SHA: ${{ github.event.base }}
+ GITHUB_PULL_BASE_SHA: ${{ github.event.pull_request.base.sha }}
+ GITHUB_DEFAULT_BRANCH: main
+ GITGUARDIAN_API_KEY: ${{ secrets.GITGUARDIAN_API_KEY }}
\ No newline at end of file
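Review bot: The `args: --show-secrets --exit-zero --all-policies --verbose` line contradicts the `show-secrets: false`, `exit-zero: false` and `verbose: false` values that `.gitguardian.yaml` sets in this same commit, and the command-line flags will most likely take precedence. With `--show-secrets`, any detected credential is printed in clear text in the Actions log, which everyone who can view the run can read (anyone, on a public repository). With `--exit-zero` the job passes even when incidents are found, so it cannot gate a merge. I would reduce the line to `args: --all-policies` and let the config file decide the rest. Separately, `tags:` sits under `pull_request`, and the leftover "Publish ..." comments suggest the block was copied from a push trigger; it likely belongs under `push:` or should be dropped.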