diff --git a/auth/internal/transport/cert/enterprise_cert.go b/auth/internal/transport/cert/enterprise_cert.go
index 366515916120..6c954ae193ca 100644
--- a/auth/internal/transport/cert/enterprise_cert.go
+++ b/auth/internal/transport/cert/enterprise_cert.go
@@ -16,7 +16,6 @@ package cert
 
 import (
 	"crypto/tls"
-	"errors"
 
 	"github.com/googleapis/enterprise-certificate-proxy/client"
 )
@@ -37,10 +36,9 @@ type ecpSource struct {
 func NewEnterpriseCertificateProxyProvider(configFilePath string) (Provider, error) {
 	key, err := client.Cred(configFilePath)
 	if err != nil {
-		if errors.Is(err, client.ErrCredUnavailable) {
-			return nil, errSourceUnavailable
-		}
-		return nil, err
+		// TODO(codyoss): once this is fixed upstream can handle this error a
+		// little better here. But be safe for now and assume unavailable.
+		return nil, errSourceUnavailable
 	}
 
 	return (&ecpSource{
diff --git a/auth/internal/transport/cert/workload_cert.go b/auth/internal/transport/cert/workload_cert.go
index e8675bf824b5..347aaced721d 100644
--- a/auth/internal/transport/cert/workload_cert.go
+++ b/auth/internal/transport/cert/workload_cert.go
@@ -82,10 +82,7 @@ func (s *workloadSource) getClientCertificate(info *tls.CertificateRequestInfo)
 func getCertAndKeyFiles(configFilePath string) (string, string, error) {
 	jsonFile, err := os.Open(configFilePath)
 	if err != nil {
-		if errors.Is(err, os.ErrNotExist) {
-			return "", "", errSourceUnavailable
-		}
-		return "", "", err
+		return "", "", errSourceUnavailable
 	}
 
 	byteValue, err := io.ReadAll(jsonFile)