diff --git a/.github/linters/.gitleaks.toml b/.github/linters/.gitleaks.toml
index bccf2d9..08ac9fb 100644
--- a/.github/linters/.gitleaks.toml
+++ b/.github/linters/.gitleaks.toml
@@ -1,5 +1,8 @@
 title = "gitleaks config"
 
+[extend]
+useDefault = true
+
 [allowlist]
 description = "Allow test fixture data with dummy credentials"
 paths = [
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 7bf2c96..3b4ab96 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## 0.1.1 Under development
 
+- fix: enable `[extend] useDefault = true` in `.github/linters/.gitleaks.toml` so consumers load gitleaks default rules instead of disabling the secret scan.
+
 ## 0.1.0 May 05, 2026
 
 - feat: initial release as `yii2-extensions/scaffold` provider for dev environment standards (editor, linters, CI).
diff --git a/metadata/.github/linters/.gitleaks.toml b/metadata/.github/linters/.gitleaks.toml
index bccf2d9..08ac9fb 100644
--- a/metadata/.github/linters/.gitleaks.toml
+++ b/metadata/.github/linters/.gitleaks.toml
@@ -1,5 +1,8 @@
 title = "gitleaks config"
 
+[extend]
+useDefault = true
+
 [allowlist]
 description = "Allow test fixture data with dummy credentials"
 paths = [