diff --git a/git-secrets b/git-secrets
index 8df3809..6601f9b 100755
--- a/git-secrets
+++ b/git-secrets
@@ -223,11 +223,19 @@ add_config() {
     value=$(sed 's/[\.|$(){}?+*^]/\\&/g' <<< "${value}")
   fi
   if [ ${GLOBAL} -eq 1 ]; then
-    git config --global --get-all $key | grep -Fq "${value}" && return 1
-    git config --global --add "${key}" "${value}"
+    git config --global --get-all $key | grep -Fq -- "${value}"
+    case $? in
+      0) return 1 ;; # value already exists
+      2) return 1 ;; # grep error
+      *) git config --global --add "${key}" "${value}" ;;
+    esac
   else
-    git config --get-all $key | grep -Fq "${value}" && return 1
-    git config --add "${key}" "${value}"
+    git config --get-all $key | grep -Fq -- "${value}"
+    case $? in
+      0) return 1 ;; # value already exists
+      2) return 1 ;; # grep error
+      *) git config --add "${key}" "${value}" ;;
+    esac
   fi
 }
 
diff --git a/test/git-secrets.bats b/test/git-secrets.bats
index b7a5b1c..6853eb3 100644
--- a/test/git-secrets.bats
+++ b/test/git-secrets.bats
@@ -238,6 +238,11 @@ load test_helper
   echo "$output" | grep -F 'secrets.allowed testing\+abc'
 }
 
+@test "Adds secrets beginning with --" {
+  repo_run git-secrets --add --literal --global -- '--TEST'
+  [ $status -eq 0 ]
+}
+
 @test "Empty lines must be ignored in .gitallowed files" {
   setup_bad_repo
   echo '' >> $TEST_REPO/.gitallowed