diff --git a/plugins/aws/sts_provisioner.go b/plugins/aws/sts_provisioner.go
index 97f0d52e3..4701161d6 100644
--- a/plugins/aws/sts_provisioner.go
+++ b/plugins/aws/sts_provisioner.go
@@ -3,8 +3,6 @@ package aws
 import (
 	"context"
 	"fmt"
-	"io"
-	"log"
 	"os"
 	"time"
 
@@ -182,18 +180,12 @@ func (m CacheProviderFactory) NewAccessKeysProvider() aws.CredentialsProvider {
 
 // getAWSAuthConfigurationForProfile loads specified configurations from both config file and environment
 func getAWSAuthConfigurationForProfile(profile string) (*confighelpers.Config, error) {
-	// Disable log output produced by AWS Vault code
-	log.SetOutput(io.Discard)
-
 	// Read config file from the location set in AWS_CONFIG_FILE env var or from  ~/.aws/config
-	configFile, err := confighelpers.LoadConfigFromEnv()
+	configFile, err := ExecuteSilently(confighelpers.LoadConfigFromEnv)()
 	if err != nil {
 		return nil, err
 	}
 
-	// Re-enable log output
-	log.SetOutput(os.Stderr)
-
 	configLoader := confighelpers.ConfigLoader{
 		File:          configFile,
 		ActiveProfile: profile,
diff --git a/plugins/aws/utils.go b/plugins/aws/utils.go
index 73bb9b27a..d3e7b4ca5 100644
--- a/plugins/aws/utils.go
+++ b/plugins/aws/utils.go
@@ -2,7 +2,11 @@ package aws
 
 import (
 	"fmt"
+	"io"
+	"log"
+	"os"
 
+	"github.com/99designs/aws-vault/v7/vault"
 	"gopkg.in/ini.v1"
 )
 
@@ -20,3 +24,12 @@ func getConfigSectionByProfile(configFile *ini.File, profileName string) *ini.Se
 
 	return nil
 }
+
+func ExecuteSilently(f func() (*vault.ConfigFile, error)) func() (*vault.ConfigFile, error) {
+	return func() (*vault.ConfigFile, error) {
+		log.SetOutput(io.Discard)
+		vaultConfig, err := f()
+		defer log.SetOutput(os.Stderr)
+		return vaultConfig, err
+	}
+}