diff --git a/.gitea/workflows/pr-check.yaml b/.gitea/workflows/pr-check.yaml
index 9d37c4d..3e2e308 100644
--- a/.gitea/workflows/pr-check.yaml
+++ b/.gitea/workflows/pr-check.yaml
@@ -30,7 +30,7 @@ jobs:
 --redact=50 \
 --verbose \
 --exit-code 1
- --exclude-files "README.md"
+ # --exclude-files "README.md"
 lint_test:
 name: lint tests
diff --git a/.gitleaks.toml b/.gitleaks.toml
index a928cfb..d91c521 100644
--- a/.gitleaks.toml
+++ b/.gitleaks.toml
@@ -28,3 +28,13 @@ id = "sidekiq-secret"
 description = "Sidekiq Secret"
 regex = "export BUNDLE_ENTERPRISE__CONTRIBSYS__COM=\\S+"
 entropy = 2.5
+
+# ==========================
+# File-specific entropy overrides
+# ==========================
+[[rules]]
+id = "generic-api-key-docs"
+description = "Ignore placeholder secrets in README.md"
+regex = "(?i)(api[_-]?key|secret|token)=\\S+"
+filepath = "README.md"
+entropy = 10.0 # very high threshold, placeholders won't trigger
\ No newline at end of file
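Review bot: The disabled flag in the pr-check.yaml hunk should be deleted rather than left as a comment. `--exit-code 1` has no trailing `\`, so as far as the hunk shows the old `--exclude-files "README.md"` line was never an argument of the scan command, and a stray `# --exclude-files` line only invites someone to re-enable it. Separately, assuming this is the gitleaks invocation, `--redact=50` together with `--verbose` writes half of every detected secret into the job log; plain `--redact` keeps findings fully masked for anyone who can read CI output. The command starts above the hunk, so the scanner binary and its remaining arguments are not visible here.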
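Review bot: The new `[[rules]]` entry `generic-api-key-docs` cannot suppress anything. Gitleaks rules only add detections, so every other rule (and any inherited defaults) still fires on README.md, and `entropy = 10.0` is effectively unreachable for a short token, which leaves this rule dead as well. `filepath` also does not look like a gitleaks rule key (path scoping is normally the regex-valued `path`), so the README restriction is probably ignored; please verify against the gitleaks version the workflow pins. If the goal is to silence documented dummy values, drop the rule and allowlist exactly those values, e.g. `regexes = ['''<PLACEHOLDER_VALUE_PATTERN>''']` under `[allowlist]` (merged into the existing table if one is defined above this hunk), because allowlisting the whole file would also hide a real key pasted into the docs. The file now ends without a trailing newline.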