-
On GitHub, navigate to the main page of the repository.
-
Under your repository name, click Settings. If you cannot see the "Settings" tab, select the dropdown menu, then click Settings.

-
In the "Security" section of the sidebar, click Advanced Security.
-
If you have not already enabled Secret Protection, to the right of "Secret Protection", click Enable.
-
In the "Secret Protection" section, to the right of "Push protection", click Enable.
Enabling push protection for your repository
With push protection, secret scanning blocks contributors from pushing secrets to a repository and generates an alert whenever a contributor bypasses the block.