AWS now recommends logging into the CLI with aws login, this breaks the detect-aws-credentials hook No AWS keys were found in the configured credential files.
supplying --allow-missing-credentials does resolve the pre-commit failure, however the keys are no longer being checked.
aws login creates JSON files in ~/.aws/cli/cache these are not available as environment variables or updated within the ~/.aws/config without running the below commands
$ AWS_CREDS=$(aws configure export-credentials --format env)
$ eval $AWS_CREDS
the JSON files store temporary access, keys which have an expiry set. However, with an AI assisted tool these keys could be taken and used before they expire.
to better protect against keys leakage, a small update to the detect-aws-credentials hook could utilise these files and prevent against this.
AWS now recommends logging into the CLI with
aws login, this breaks the detect-aws-credentials hookNo AWS keys were found in the configured credential files.supplying --allow-missing-credentials does resolve the pre-commit failure, however the keys are no longer being checked.
aws login creates JSON files in ~/.aws/cli/cache these are not available as environment variables or updated within the ~/.aws/config without running the below commands
$ AWS_CREDS=$(aws configure export-credentials --format env)$ eval $AWS_CREDSthe JSON files store temporary access, keys which have an expiry set. However, with an AI assisted tool these keys could be taken and used before they expire.
to better protect against keys leakage, a small update to the detect-aws-credentials hook could utilise these files and prevent against this.