diff --git a/.secrets.baseline b/.secrets.baseline
index 82286da5..bc173c72 100644
--- a/.secrets.baseline
+++ b/.secrets.baseline
@@ -1,9 +1,9 @@
 {
 "exclude": {
- "files": ".*/src/test/.*|^.secrets.baseline$",
+ "files": "^.secrets.baseline$",
 "lines": null
 },
- "generated_at": "2024-05-31T12:57:28Z",
+ "generated_at": "2024-06-03T10:11:05Z",
 "plugins_used": [
 {
 "name": "AWSKeyDetector"
diff --git a/build-locally.sh b/build-locally.sh
index 1e4cf9d2..27f67a0c 100755
--- a/build-locally.sh
+++ b/build-locally.sh
@@ -210,7 +210,7 @@ function displayCouchDbCodeCoverage {
 function check_secrets {
 h2 "updating secrets baseline"
 cd ${BASEDIR}
- detect-secrets scan --exclude-files '.*/src/test/.*' --update .secrets.baseline
+ detect-secrets scan --update .secrets.baseline
 rc=$?
 check_exit_code $rc "Failed to run detect-secrets. Please check it is installed properly"
 success "updated secrets file"
@@ -219,6 +219,14 @@ function check_secrets {
 detect-secrets audit .secrets.baseline
 rc=$?
 check_exit_code $rc "Failed to audit detect-secrets."
+
+ #Check all secrets have been audited
+ secrets=$(grep -c hashed_secret .secrets.baseline)
+ audits=$(grep -c is_secret .secrets.baseline)
+ if [[ "$secrets" != "$audits" ]]; then
+ error "Not all secrets found have been audited"
+ exit 1
+ fi
 success "secrets audit complete"
 }
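Review bot: The new count check in check_secrets only confirms that every finding carries an `is_secret` verdict; a finding the auditor marked as a real secret (`"is_secret": true`) still passes, so a confirmed credential in the tree does not fail the build. After the count comparison, add `if grep -q '"is_secret": true' .secrets.baseline; then error "Baseline contains findings audited as real secrets"; exit 1; fi` if the intent is to block real secrets rather than just unaudited ones. The two counts depend on the baseline's key names, which is fine for detect-secrets output but worth stating, e.g. `# every finding has a hashed_secret key; audited findings also carry is_secret`. Since the same commit drops the src/test exclusion from the scan, expect new findings to audit on the first run.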