diff --git a/.trufflehog.yml b/.trufflehog.yml
new file mode 100644
index 0000000..0f4465e
--- /dev/null
+++ b/.trufflehog.yml
@@ -0,0 +1,25 @@
+# TruffleHog secrets scanning configuration
+# Phenotype org standard
+version: 2
+
+exclude:
+  paths:
+    - ".git/**"
+    - "target/**"
+    - "node_modules/**"
+    - "*.sum"
+    - "*.lock"
+    - ".venv/**"
+    - "__pycache__/**"
+    - ".next/**"
+
+include:
+  files:
+    - "*"
+
+rules:
+  - base64:
+      enabled: true
+      entropy: 0.7
+  - detected:
+      enabled: true