Hidden and Ignored Files
rg has a layered ignore system. Understanding the "unrestricted" flag ladder lets you precisely control how deep you search.
The Three Ignore Layers
| Layer | What it excludes |
|---|---|
| Ignore files | Paths listed in .gitignore, .rgignore, etc. |
| Hidden files | Any file/directory beginning with . |
| Binary files | Files detected as binary (non-text) |
The -u Ladder
Each -u flag removes one layer of protection:
| Flag | Ignores ignored files | Ignores hidden files | Ignores binary files |
|---|---|---|---|
| (default) | ✅ Respects | ✅ Respects | ✅ Respects |
-u | ❌ Disabled | ✅ Respects | ✅ Respects |
-uu | ❌ Disabled | ❌ Disabled | ✅ Respects |
-uuu | ❌ Disabled | ❌ Disabled | ❌ Disabled |
Practical Examples
# Default: respects .gitignore, skips dotfiles
rg "api_key"
# Search inside node_modules (ignore .gitignore)
rg -u "lodash"
# Search dotfiles like .env, .bashrc
rg -uu "DATABASE_URL"
# Search EVERYTHING including binaries (rarely needed)
rg -uuu "SOME_STRING"
Fine-Grained Overrides
Instead of the ladder, use specific flags:
# Don't respect .gitignore but still skip hidden files
rg --no-ignore "pattern"
# Search hidden files but still respect .gitignore
rg --hidden "pattern"
# Skip .gitignore, but only for one specific directory
rg --no-ignore-vcs "pattern" node_modules/
Finding Secrets in Dotfiles
A common security task is scanning for leaked credentials in configuration files. Dotfiles are the most common hiding spot.
# Search hidden config files for potential secrets
rg -uu -t yaml -t toml -e "password" -e "secret" -e "api_key" ~/
Performance
-uu from ~/ or / will descend into .git/objects, which stores thousands of packed binary blobs. Combine with -t (file type) or --glob to avoid this.