diff --git a/.gitallowed b/.gitallowed
new file mode 100644
index 0000000000000..25934adbf022c
--- /dev/null
+++ b/.gitallowed
@@ -0,0 +1,5 @@
+# This file contains patterns which are excluded from git-secrets matching.
+# Only add patterns where this is extremely likely to be a false positive.
+
+# This directory contains publicly available keys and is updated frequently.
+^([^:]*/)?components/certificate_transparency/data/
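Review bot: The allow pattern on the last added line exempts every matched line in every file under that directory, not just the public keys the comment describes, so a real credential committed there would pass git-secrets unnoticed. The optional `([^:]*/)?` prefix also extends the exemption to any path that ends in `components/certificate_transparency/data/`, such as a vendored or nested copy. If only the repository-root directory is intended, `^components/certificate_transparency/data/` would be narrower; the prefix may be there to handle how paths are printed, which is worth confirming. I would also extend the comment to say so, for example `# Path-wide exemption: nothing under this directory is scanned, so review changes there by hand.`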