diff --git a/pre_commit_hooks/detect_aws_credentials.py b/pre_commit_hooks/detect_aws_credentials.py
index b2afd71..47a69bf 100644
--- a/pre_commit_hooks/detect_aws_credentials.py
+++ b/pre_commit_hooks/detect_aws_credentials.py
@@ -53,7 +53,9 @@ def get_aws_secrets_from_file(credentials_file):
 'aws_session_token',
 ):
 try:
- keys.add(parser.get(section, var))
+ key = parser.get(section, var).strip()
+ if key:
+ keys.add(key)
 except configparser.NoOptionError:
 pass
 return keys
diff --git a/testing/resources/aws_config_without_secrets_with_spaces.ini b/testing/resources/aws_config_without_secrets_with_spaces.ini
new file mode 100644
index 0000000..b169952
--- /dev/null
+++ b/testing/resources/aws_config_without_secrets_with_spaces.ini
@@ -0,0 +1,4 @@
+# file with an AWS access key id but no valid AWS secret access key only space characters
+[production]
+aws_access_key_id = AKIASLARTARGENTINA86
+aws_secret_access_key =
diff --git a/tests/detect_aws_credentials_test.py b/tests/detect_aws_credentials_test.py
index 954f3d8..f1bd7d4 100644
--- a/tests/detect_aws_credentials_test.py
+++ b/tests/detect_aws_credentials_test.py
@@ -83,6 +83,7 @@ def test_get_aws_secrets_from_env(env_vars, values):
 },
 ),
 ('aws_config_without_secrets.ini', set()),
+ ('aws_config_without_secrets_with_spaces.ini', set()),
 ('nonsense.txt', set()),
 ('ok_json.json', set()),
 ),
@@ -100,6 +101,7 @@ def test_get_aws_secrets_from_file(filename, expected_keys):
 ('aws_config_with_session_token.ini', 1),
 ('aws_config_with_multiple_sections.ini', 1),
 ('aws_config_without_secrets.ini', 0),
+ ('aws_config_without_secrets_with_spaces.ini', 0),
 ('nonsense.txt', 0),
 ('ok_json.json', 0),
 ),
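Review bot: The new `if key:` guard in get_aws_secrets_from_file (pre_commit_hooks/detect_aws_credentials.py) has no comment explaining why blank values are dropped, and the reason matters for the hook's usefulness. Presumably every entry in `keys` is later searched for in the checked files, so an empty entry would match everything and push people to bypass the hook. I would put `# skip blank values: an empty "secret" would match any file content` on the line above the guard. The environment-variable path exercised by test_get_aws_secrets_from_env is not changed here and should be checked for the same whitespace-only case so both sources agree. The function body starts above this hunk.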
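Review bot: The two new parametrize entries in tests/detect_aws_credentials_test.py both use a fixture whose only secret value is blank, so they do not show that a blank value is skipped while a real one in the same section is still collected. A second fixture with a whitespace-only `aws_secret_access_key` next to a non-empty `aws_session_token`, with the expected set containing just the token, would pin that behaviour down. Both parametrize lists begin outside their hunks.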