diff --git a/.pre-commit-hooks.yaml b/.pre-commit-hooks.yaml
new file mode 100644
index 0000000..7f3f1a2
--- /dev/null
+++ b/.pre-commit-hooks.yaml
@@ -0,0 +1,6 @@
+- id: docker-compose-check
+  name: Validate docker-compose files
+  description: Checks that vault files are encrypted
+  entry: compose-check.sh
+  files: docker-compose.y[a]{0,1}ml$
+  language: script
diff --git a/compose-check.sh b/compose-check.sh
new file mode 100755
index 0000000..5cb2f05
--- /dev/null
+++ b/compose-check.sh
@@ -0,0 +1,29 @@
+#! /bin/bash
+# Verifies that files passed in are valid for docker-compose
+set -e
+
+check_file() {
+    local file=$1
+    docker-compose -f "$file" config -q 2>&1 \
+        | sed "/variable is not set. Defaulting/d"
+    return ${PIPESTATUS[0]}
+}
+
+check_files() {
+    local all_files=$@
+    has_error=0
+    for file in $all_files ; do
+        if [[ -f "$file" ]]; then
+            if ! check_file "$file" ; then
+                has_error=1
+            fi
+        fi
+    done
+    return $has_error
+}
+
+if ! check_files $@ ; then
+    echo "To ignore, use --no-verify"
+fi
+
+exit $has_error
diff --git a/hooks.yaml b/hooks.yaml
new file mode 100644
index 0000000..7f3f1a2
--- /dev/null
+++ b/hooks.yaml
@@ -0,0 +1,6 @@
+- id: docker-compose-check
+  name: Validate docker-compose files
+  description: Checks that vault files are encrypted
+  entry: compose-check.sh
+  files: docker-compose.y[a]{0,1}ml$
+  language: script