From 10ce480836832a673f9c39ffc0a66e488ee375eb Mon Sep 17 00:00:00 2001 From: DanielConnelly Date: Tue, 2 Jun 2026 15:14:09 +0100 Subject: [PATCH 01/10] [ISS-1258][DC] updating the detect_aws_credentials to support temp json files --- pre_commit_hooks/detect_aws_credentials.py | 53 +++++++++++++++++--- testing/resources/aws_temp_secrets_file.json | 7 +++ tests/detect_aws_credentials_test.py | 17 +++++++ 3 files changed, 70 insertions(+), 7 deletions(-) create mode 100644 testing/resources/aws_temp_secrets_file.json diff --git a/pre_commit_hooks/detect_aws_credentials.py b/pre_commit_hooks/detect_aws_credentials.py index 85822886..5276b621 100644 --- a/pre_commit_hooks/detect_aws_credentials.py +++ b/pre_commit_hooks/detect_aws_credentials.py @@ -5,13 +5,12 @@ import os from collections.abc import Sequence from typing import NamedTuple - +import json class BadFile(NamedTuple): filename: str key: str - def get_aws_cred_files_from_env() -> set[str]: """Extract credential file paths from environment variables.""" return { @@ -23,17 +22,38 @@ def get_aws_cred_files_from_env() -> set[str]: if env_var in os.environ } - def get_aws_secrets_from_env() -> set[str]: """Extract AWS secrets from environment variables.""" keys = set() for env_var in ( - 'AWS_SECRET_ACCESS_KEY', 'AWS_SECURITY_TOKEN', 'AWS_SESSION_TOKEN', + 'AWS_SECRET_ACCESS_KEY', 'AWS_SECURITY_TOKEN', 'AWS_SESSION_TOKEN', ): if os.environ.get(env_var): keys.add(os.environ[env_var]) return keys +def get_aws_secrets_from_json_file(json_credentials_file: str) -> set[str]: + """Extract AWS secrets from JSON configuration files. + + Read a JSON-style configuration file and return a set with all found AWS + secret access keys. + """ + aws_credentials_file_path = os.path.expanduser(json_credentials_file) + if not os.path.exists(aws_credentials_file_path): + return set() + + with open(aws_credentials_file_path, 'r') as f: + try: + data = json.load(f) + except json.JSONDecodeError: + return set() + + keys = set() + for var in ('AccessKeyId', 'SecretAccessKey', 'SessionToken', 'aws_secret_access_key', 'aws_security_token', 'aws_session_token'): + if var in data.get('Credentials', {}): + keys.add(data['Credentials'][var]) + return keys + def get_aws_secrets_from_file(credentials_file: str) -> set[str]: """Extract AWS secrets from configuration files. @@ -54,8 +74,8 @@ def get_aws_secrets_from_file(credentials_file: str) -> set[str]: keys = set() for section in parser.sections(): for var in ( - 'aws_secret_access_key', 'aws_security_token', - 'aws_session_token', + 'aws_secret_access_key', 'aws_security_token', + 'aws_session_token', ): try: key = parser.get(section, var).strip() @@ -104,6 +124,16 @@ def main(argv: Sequence[str] | None = None) -> int: 'secret keys. Can be passed multiple times.' ), ) + parser.add_argument( + '--json-credentials-file', + dest='json_credential_file_locations', + action='append', + default=['~/.aws/cli/cache/', '~/.aws/login/cache/'], + help=( + 'Location of additional AWS JSON credential file from which to get ' + 'secret keys. Can be passed multiple times.' + ), + ) parser.add_argument( '--allow-missing-credentials', dest='allow_missing_credentials', @@ -113,6 +143,13 @@ def main(argv: Sequence[str] | None = None) -> int: args = parser.parse_args(argv) credential_files = set(args.credentials_file) + json_credential_file_locations = set(args.json_credential_file_locations) + json_credential_files = set() + for json_credential_file_location in json_credential_file_locations: + if os.path.isdir(os.path.expanduser(json_credential_file_location)): + for filename in os.listdir(os.path.expanduser(json_credential_file_location)): + if filename.endswith('.json'): + json_credential_files.add(os.path.join(json_credential_file_location, filename)) # Add the credentials files configured via environment variables to the set # of files to to gather AWS secrets from. @@ -122,6 +159,8 @@ def main(argv: Sequence[str] | None = None) -> int: for credential_file in credential_files: keys |= get_aws_secrets_from_file(credential_file) + for json_credential_file in json_credential_files: + keys |= get_aws_secrets_from_json_file(json_credential_file) # Secrets might be part of environment variables, so add such secrets to # the set of keys. keys |= get_aws_secrets_from_env() @@ -148,4 +187,4 @@ def main(argv: Sequence[str] | None = None) -> int: if __name__ == '__main__': - raise SystemExit(main()) + raise SystemExit(main()) \ No newline at end of file diff --git a/testing/resources/aws_temp_secrets_file.json b/testing/resources/aws_temp_secrets_file.json new file mode 100644 index 00000000..fbf14c91 --- /dev/null +++ b/testing/resources/aws_temp_secrets_file.json @@ -0,0 +1,7 @@ +{ + "accessToken": { + "accessKeyId": "tempAccessKeyId", + "secretAccessKey": "tempSecretAccessKey", + "sessionToken": "tempSessionToken" + } +} \ No newline at end of file diff --git a/tests/detect_aws_credentials_test.py b/tests/detect_aws_credentials_test.py index afda47a9..ae26cd82 100644 --- a/tests/detect_aws_credentials_test.py +++ b/tests/detect_aws_credentials_test.py @@ -7,6 +7,7 @@ from pre_commit_hooks.detect_aws_credentials import get_aws_cred_files_from_env from pre_commit_hooks.detect_aws_credentials import get_aws_secrets_from_env from pre_commit_hooks.detect_aws_credentials import get_aws_secrets_from_file +from pre_commit_hooks.detect_aws_credentials import get_aws_secrets_from_json_file from pre_commit_hooks.detect_aws_credentials import main from testing.util import get_resource_path @@ -67,6 +68,22 @@ def test_get_aws_secrets_from_env(env_vars, values): with patch.dict('os.environ', env_vars, clear=True): assert get_aws_secrets_from_env() == values +@pytest.mark.parametrize( + ('filename', 'expected_keys'), + ( + ( + 'aws_temp_secrets_file.json', + {"tempAccessKeyId", "tempSecretAccessKey", "tempSessionToken"}, + ), + ('nonsense.txt', set()), + ('ok_json.json', set()), + ), +) +def test_get_aws_secrets_from_json_file(filename, expected_keys): + """Test that reading secrets from files works.""" + keys = get_aws_secrets_from_json_file(get_resource_path(filename)) + assert keys == expected_keys + @pytest.mark.parametrize( ('filename', 'expected_keys'), From 6f0f112e534277ddb0416bcf5b4de8279c1da800 Mon Sep 17 00:00:00 2001 From: DanielConnelly Date: Tue, 2 Jun 2026 15:20:12 +0100 Subject: [PATCH 02/10] [ISS-1258][DC] resolving formatting and line length issues --- pre_commit_hooks/detect_aws_credentials.py | 26 ++++++++++++++-------- tests/detect_aws_credentials_test.py | 6 ++++- 2 files changed, 22 insertions(+), 10 deletions(-) diff --git a/pre_commit_hooks/detect_aws_credentials.py b/pre_commit_hooks/detect_aws_credentials.py index 5276b621..b704bf85 100644 --- a/pre_commit_hooks/detect_aws_credentials.py +++ b/pre_commit_hooks/detect_aws_credentials.py @@ -49,7 +49,14 @@ def get_aws_secrets_from_json_file(json_credentials_file: str) -> set[str]: return set() keys = set() - for var in ('AccessKeyId', 'SecretAccessKey', 'SessionToken', 'aws_secret_access_key', 'aws_security_token', 'aws_session_token'): + for var in ( + 'AccessKeyId', + 'SecretAccessKey', + 'SessionToken', + 'aws_secret_access_key', + 'aws_security_token', + 'aws_session_token' + ): if var in data.get('Credentials', {}): keys.add(data['Credentials'][var]) return keys @@ -125,8 +132,8 @@ def main(argv: Sequence[str] | None = None) -> int: ), ) parser.add_argument( - '--json-credentials-file', - dest='json_credential_file_locations', + '--json-credentials-dir', + dest='json_credential_dir', action='append', default=['~/.aws/cli/cache/', '~/.aws/login/cache/'], help=( @@ -143,13 +150,14 @@ def main(argv: Sequence[str] | None = None) -> int: args = parser.parse_args(argv) credential_files = set(args.credentials_file) - json_credential_file_locations = set(args.json_credential_file_locations) + json_credential_dirs = set(args.json_credential_dir) json_credential_files = set() - for json_credential_file_location in json_credential_file_locations: - if os.path.isdir(os.path.expanduser(json_credential_file_location)): - for filename in os.listdir(os.path.expanduser(json_credential_file_location)): - if filename.endswith('.json'): - json_credential_files.add(os.path.join(json_credential_file_location, filename)) + for json_credential_dir in json_credential_dirs: + if os.path.isdir(os.path.expanduser(json_credential_dir)): + for file in os.listdir(os.path.expanduser(json_credential_dir)): + if file.endswith('.json'): + (json_credential_files + .add(os.path.join(json_credential_dir, file))) # Add the credentials files configured via environment variables to the set # of files to to gather AWS secrets from. diff --git a/tests/detect_aws_credentials_test.py b/tests/detect_aws_credentials_test.py index ae26cd82..fc0ade55 100644 --- a/tests/detect_aws_credentials_test.py +++ b/tests/detect_aws_credentials_test.py @@ -73,7 +73,11 @@ def test_get_aws_secrets_from_env(env_vars, values): ( ( 'aws_temp_secrets_file.json', - {"tempAccessKeyId", "tempSecretAccessKey", "tempSessionToken"}, + { + "tempAccessKeyId", + "tempSecretAccessKey", + "tempSessionToken" + }, ), ('nonsense.txt', set()), ('ok_json.json', set()), From bf3835367d37f05b9511d91221aef926614b5b66 Mon Sep 17 00:00:00 2001 From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Tue, 2 Jun 2026 14:21:36 +0000 Subject: [PATCH 03/10] [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci --- pre_commit_hooks/detect_aws_credentials.py | 18 +++++++++++------ testing/resources/aws_temp_secrets_file.json | 2 +- tests/detect_aws_credentials_test.py | 21 ++++++++++---------- 3 files changed, 24 insertions(+), 17 deletions(-) diff --git a/pre_commit_hooks/detect_aws_credentials.py b/pre_commit_hooks/detect_aws_credentials.py index b704bf85..93077f3c 100644 --- a/pre_commit_hooks/detect_aws_credentials.py +++ b/pre_commit_hooks/detect_aws_credentials.py @@ -2,15 +2,17 @@ import argparse import configparser +import json import os from collections.abc import Sequence from typing import NamedTuple -import json + class BadFile(NamedTuple): filename: str key: str + def get_aws_cred_files_from_env() -> set[str]: """Extract credential file paths from environment variables.""" return { @@ -22,6 +24,7 @@ def get_aws_cred_files_from_env() -> set[str]: if env_var in os.environ } + def get_aws_secrets_from_env() -> set[str]: """Extract AWS secrets from environment variables.""" keys = set() @@ -32,6 +35,7 @@ def get_aws_secrets_from_env() -> set[str]: keys.add(os.environ[env_var]) return keys + def get_aws_secrets_from_json_file(json_credentials_file: str) -> set[str]: """Extract AWS secrets from JSON configuration files. @@ -42,7 +46,7 @@ def get_aws_secrets_from_json_file(json_credentials_file: str) -> set[str]: if not os.path.exists(aws_credentials_file_path): return set() - with open(aws_credentials_file_path, 'r') as f: + with open(aws_credentials_file_path) as f: try: data = json.load(f) except json.JSONDecodeError: @@ -55,7 +59,7 @@ def get_aws_secrets_from_json_file(json_credentials_file: str) -> set[str]: 'SessionToken', 'aws_secret_access_key', 'aws_security_token', - 'aws_session_token' + 'aws_session_token', ): if var in data.get('Credentials', {}): keys.add(data['Credentials'][var]) @@ -156,8 +160,10 @@ def main(argv: Sequence[str] | None = None) -> int: if os.path.isdir(os.path.expanduser(json_credential_dir)): for file in os.listdir(os.path.expanduser(json_credential_dir)): if file.endswith('.json'): - (json_credential_files - .add(os.path.join(json_credential_dir, file))) + ( + json_credential_files + .add(os.path.join(json_credential_dir, file)) + ) # Add the credentials files configured via environment variables to the set # of files to to gather AWS secrets from. @@ -195,4 +201,4 @@ def main(argv: Sequence[str] | None = None) -> int: if __name__ == '__main__': - raise SystemExit(main()) \ No newline at end of file + raise SystemExit(main()) diff --git a/testing/resources/aws_temp_secrets_file.json b/testing/resources/aws_temp_secrets_file.json index fbf14c91..a7b106c9 100644 --- a/testing/resources/aws_temp_secrets_file.json +++ b/testing/resources/aws_temp_secrets_file.json @@ -4,4 +4,4 @@ "secretAccessKey": "tempSecretAccessKey", "sessionToken": "tempSessionToken" } -} \ No newline at end of file +} diff --git a/tests/detect_aws_credentials_test.py b/tests/detect_aws_credentials_test.py index fc0ade55..c3bfea0f 100644 --- a/tests/detect_aws_credentials_test.py +++ b/tests/detect_aws_credentials_test.py @@ -68,19 +68,20 @@ def test_get_aws_secrets_from_env(env_vars, values): with patch.dict('os.environ', env_vars, clear=True): assert get_aws_secrets_from_env() == values + @pytest.mark.parametrize( ('filename', 'expected_keys'), ( - ( - 'aws_temp_secrets_file.json', - { - "tempAccessKeyId", - "tempSecretAccessKey", - "tempSessionToken" - }, - ), - ('nonsense.txt', set()), - ('ok_json.json', set()), + ( + 'aws_temp_secrets_file.json', + { + 'tempAccessKeyId', + 'tempSecretAccessKey', + 'tempSessionToken', + }, + ), + ('nonsense.txt', set()), + ('ok_json.json', set()), ), ) def test_get_aws_secrets_from_json_file(filename, expected_keys): From aa1eaf5274c6a80d37f7f3039266c5e9ab0da6b8 Mon Sep 17 00:00:00 2001 From: DanielConnelly Date: Tue, 2 Jun 2026 15:25:46 +0100 Subject: [PATCH 04/10] [ISS-1258][DC] renaming the function to meet length requirements --- pre_commit_hooks/detect_aws_credentials.py | 6 +++--- tests/detect_aws_credentials_test.py | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/pre_commit_hooks/detect_aws_credentials.py b/pre_commit_hooks/detect_aws_credentials.py index 93077f3c..243b8531 100644 --- a/pre_commit_hooks/detect_aws_credentials.py +++ b/pre_commit_hooks/detect_aws_credentials.py @@ -36,7 +36,7 @@ def get_aws_secrets_from_env() -> set[str]: return keys -def get_aws_secrets_from_json_file(json_credentials_file: str) -> set[str]: +def get_aws_secrets_from_json(json_credentials_file: str) -> set[str]: """Extract AWS secrets from JSON configuration files. Read a JSON-style configuration file and return a set with all found AWS @@ -141,7 +141,7 @@ def main(argv: Sequence[str] | None = None) -> int: action='append', default=['~/.aws/cli/cache/', '~/.aws/login/cache/'], help=( - 'Location of additional AWS JSON credential file from which to get ' + 'Location of AWS JSON credential files from which to get ' 'secret keys. Can be passed multiple times.' ), ) @@ -174,7 +174,7 @@ def main(argv: Sequence[str] | None = None) -> int: keys |= get_aws_secrets_from_file(credential_file) for json_credential_file in json_credential_files: - keys |= get_aws_secrets_from_json_file(json_credential_file) + keys |= get_aws_secrets_from_json(json_credential_file) # Secrets might be part of environment variables, so add such secrets to # the set of keys. keys |= get_aws_secrets_from_env() diff --git a/tests/detect_aws_credentials_test.py b/tests/detect_aws_credentials_test.py index c3bfea0f..ea4dfaa8 100644 --- a/tests/detect_aws_credentials_test.py +++ b/tests/detect_aws_credentials_test.py @@ -7,7 +7,7 @@ from pre_commit_hooks.detect_aws_credentials import get_aws_cred_files_from_env from pre_commit_hooks.detect_aws_credentials import get_aws_secrets_from_env from pre_commit_hooks.detect_aws_credentials import get_aws_secrets_from_file -from pre_commit_hooks.detect_aws_credentials import get_aws_secrets_from_json_file +from pre_commit_hooks.detect_aws_credentials import get_aws_secrets_from_json from pre_commit_hooks.detect_aws_credentials import main from testing.util import get_resource_path @@ -84,9 +84,9 @@ def test_get_aws_secrets_from_env(env_vars, values): ('ok_json.json', set()), ), ) -def test_get_aws_secrets_from_json_file(filename, expected_keys): +def test_get_aws_secrets_from_json(filename, expected_keys): """Test that reading secrets from files works.""" - keys = get_aws_secrets_from_json_file(get_resource_path(filename)) + keys = get_aws_secrets_from_json(get_resource_path(filename)) assert keys == expected_keys From 00200616be980cf04cff33240a3260db0478c2ba Mon Sep 17 00:00:00 2001 From: DanielConnelly Date: Tue, 2 Jun 2026 15:31:41 +0100 Subject: [PATCH 05/10] [ISS-1258][DC] handling different types of json files --- pre_commit_hooks/detect_aws_credentials.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/pre_commit_hooks/detect_aws_credentials.py b/pre_commit_hooks/detect_aws_credentials.py index 243b8531..15821a8e 100644 --- a/pre_commit_hooks/detect_aws_credentials.py +++ b/pre_commit_hooks/detect_aws_credentials.py @@ -63,6 +63,9 @@ def get_aws_secrets_from_json(json_credentials_file: str) -> set[str]: ): if var in data.get('Credentials', {}): keys.add(data['Credentials'][var]) + + if var in data.get('accessToken', {}): + keys.add(data['accessToken'][var]) return keys From 901b6c8dceeed3392b92fbf7d121128e4a134e82 Mon Sep 17 00:00:00 2001 From: DanielConnelly Date: Tue, 2 Jun 2026 15:43:26 +0100 Subject: [PATCH 06/10] [ISS-1258][DC] resolve test failures --- pre_commit_hooks/detect_aws_credentials.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pre_commit_hooks/detect_aws_credentials.py b/pre_commit_hooks/detect_aws_credentials.py index 15821a8e..5019fa45 100644 --- a/pre_commit_hooks/detect_aws_credentials.py +++ b/pre_commit_hooks/detect_aws_credentials.py @@ -57,9 +57,9 @@ def get_aws_secrets_from_json(json_credentials_file: str) -> set[str]: 'AccessKeyId', 'SecretAccessKey', 'SessionToken', - 'aws_secret_access_key', - 'aws_security_token', - 'aws_session_token', + 'accessKeyId', + 'secretAccessKey', + 'sessionToken', ): if var in data.get('Credentials', {}): keys.add(data['Credentials'][var]) From ca458c68af4c0e38d7a411b8ee0de13dfad9037a Mon Sep 17 00:00:00 2001 From: DanielConnelly Date: Tue, 2 Jun 2026 16:10:43 +0100 Subject: [PATCH 07/10] [ISS-1258][DC] update tests for coverage --- .../aws_temp_credentials_secrets_file.json | 7 +++++ tests/detect_aws_credentials_test.py | 26 +++++++++++++++++++ 2 files changed, 33 insertions(+) create mode 100644 testing/resources/aws_temp_credentials_secrets_file.json diff --git a/testing/resources/aws_temp_credentials_secrets_file.json b/testing/resources/aws_temp_credentials_secrets_file.json new file mode 100644 index 00000000..8f34727f --- /dev/null +++ b/testing/resources/aws_temp_credentials_secrets_file.json @@ -0,0 +1,7 @@ +{ + "Credentials": { + "AccessKeyId": "tempAccessKeyId", + "SecretAccessKey": "tempSecretAccessKey", + "SessionToken": "tempSessionToken" + } +} diff --git a/tests/detect_aws_credentials_test.py b/tests/detect_aws_credentials_test.py index ea4dfaa8..ce6c7be8 100644 --- a/tests/detect_aws_credentials_test.py +++ b/tests/detect_aws_credentials_test.py @@ -80,6 +80,14 @@ def test_get_aws_secrets_from_env(env_vars, values): 'tempSessionToken', }, ), + ( + 'aws_temp_credentials_secrets_file.json', + { + 'tempAccessKeyId', + 'tempSecretAccessKey', + 'tempSessionToken', + }, + ), ('nonsense.txt', set()), ('ok_json.json', set()), ), @@ -141,6 +149,8 @@ def test_detect_aws_credentials(filename, expected_retval): get_resource_path(filename), '--credentials-file', 'testing/resources/aws_config_with_multiple_sections.ini', + '--json-credentials-dir', + 'testing/resources/', )) assert ret == expected_retval @@ -167,6 +177,7 @@ def test_non_existent_credentials(mock_secrets_env, mock_secrets_file, capsys): ret = main(( get_resource_path('aws_config_without_secrets.ini'), '--credentials-file=testing/resources/credentailsfilethatdoesntexist', + '--json-credentials-dir=directorythatdoesnotexist', )) assert ret == 2 out, _ = capsys.readouterr() @@ -190,3 +201,18 @@ def test_non_existent_credentials_with_allow_flag( '--allow-missing-credentials', )) assert ret == 0 + + +@patch('pre_commit_hooks.detect_aws_credentials.get_aws_secrets_from_file') +@patch('pre_commit_hooks.detect_aws_credentials.get_aws_secrets_from_env') +def test_non_existent_json_credentials_with_allow_flag( + mock_secrets_env, mock_secrets_file, +): + mock_secrets_env.return_value = set() + mock_secrets_file.return_value = set() + ret = main(( + get_resource_path('aws_config_without_secrets.ini'), + '--json-credentials-file=credentailsfilethatdoesntexist', + '--allow-missing-credentials', + )) + assert ret == 0 From 2173e8726cbbbbc26ba524783d766f878da69208 Mon Sep 17 00:00:00 2001 From: DanielConnelly Date: Tue, 2 Jun 2026 16:12:17 +0100 Subject: [PATCH 08/10] [ISS-1258][DC] updating parameter --- tests/detect_aws_credentials_test.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/detect_aws_credentials_test.py b/tests/detect_aws_credentials_test.py index ce6c7be8..61026b41 100644 --- a/tests/detect_aws_credentials_test.py +++ b/tests/detect_aws_credentials_test.py @@ -212,7 +212,7 @@ def test_non_existent_json_credentials_with_allow_flag( mock_secrets_file.return_value = set() ret = main(( get_resource_path('aws_config_without_secrets.ini'), - '--json-credentials-file=credentailsfilethatdoesntexist', + '--json-credentials-dir=credentailsfilethatdoesntexist', '--allow-missing-credentials', )) assert ret == 0 From 1d9d4ec02fab1987a18d493c63976d304e8b32a4 Mon Sep 17 00:00:00 2001 From: DanielConnelly Date: Tue, 2 Jun 2026 16:14:31 +0100 Subject: [PATCH 09/10] [ISS-1258][DC] removing impossible check --- pre_commit_hooks/detect_aws_credentials.py | 2 -- 1 file changed, 2 deletions(-) diff --git a/pre_commit_hooks/detect_aws_credentials.py b/pre_commit_hooks/detect_aws_credentials.py index 5019fa45..cab4ca4f 100644 --- a/pre_commit_hooks/detect_aws_credentials.py +++ b/pre_commit_hooks/detect_aws_credentials.py @@ -43,8 +43,6 @@ def get_aws_secrets_from_json(json_credentials_file: str) -> set[str]: secret access keys. """ aws_credentials_file_path = os.path.expanduser(json_credentials_file) - if not os.path.exists(aws_credentials_file_path): - return set() with open(aws_credentials_file_path) as f: try: From 54174fd6d25650a36d7a3e9445e5b24af968e87e Mon Sep 17 00:00:00 2001 From: DanielConnelly Date: Tue, 2 Jun 2026 17:02:43 +0100 Subject: [PATCH 10/10] [ISS-1258][DC] adding encoding to resolve windows issues --- pre_commit_hooks/detect_aws_credentials.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pre_commit_hooks/detect_aws_credentials.py b/pre_commit_hooks/detect_aws_credentials.py index cab4ca4f..b408eddb 100644 --- a/pre_commit_hooks/detect_aws_credentials.py +++ b/pre_commit_hooks/detect_aws_credentials.py @@ -44,7 +44,7 @@ def get_aws_secrets_from_json(json_credentials_file: str) -> set[str]: """ aws_credentials_file_path = os.path.expanduser(json_credentials_file) - with open(aws_credentials_file_path) as f: + with open(aws_credentials_file_path, encoding='utf-8') as f: try: data = json.load(f) except json.JSONDecodeError: