This can be an optional feature, once enabled, git-add would check the hunk(s) to stage for sensitive information, such as passwords, secret tokens, then ask the user for confirmation.
The implementation for secret detection could be regexp pattern(s), and/or (trusted?) commands Alternative solutions might be hooks during commit, push or recieve, but it should be the best to do this in the first place during git-add. The context of this is the following HN discussion about passwords on GitHub: https://news.ycombinator.com/item?id=13650818
