git log -S is the pickaxe. It finds commits where the count of a given string in the diff changed — i.e. where the string was introduced or removed.
Classic use case: "Where did this magic number come from?"
git log -S"MAX_CONNECTIONS = 64" --source --all
Or the security version: "When did this hardcoded key first appear?"
git log -S"AKIA" --all -p
The -p adds the diff so you see which lines changed in each matching commit, which is usually what you actually want.
Pickaxe vs. git grep:
git grep "foo" searches the current working tree (or one specific commit). Tells you where foo is now.git log -S"foo" searches diffs across history. Tells you when foo appeared or disappeared. It will find strings that no longer exist in the codebase.
Useful flags:
--all — search every branch, not just the current one. Essential when the string was introduced on a branch that got merged or deleted.--source — annotate each result with the ref it was found on.--reverse — oldest match first, so you see the introducing commit at the top.-- <path> — restrict to a path. git log -S"jwt" -- src/auth/ is far faster than scanning the whole repo.
Gotcha: -S is a substring count change check, not a regex. The string must appear literally. Spaces and newlines matter. If you don't get hits, try a shorter unique substring.