diff --git a/.pre-commit-hooks.yaml b/.pre-commit-hooks.yaml
index 90014ba..72d4a16 100644
--- a/.pre-commit-hooks.yaml
+++ b/.pre-commit-hooks.yaml
@@ -1,9 +1,10 @@
 - id: kubeseal-secrets
   name: Kubeseal secrets files
-  entry: ./kubeseal-secrets.sh
-  language: script
+  entry: python3 ./kubeseal-secrets.py
+  language: system
   args:
     - '*secret*'
   description: |
     Finds secret files matching the pattern and creates sealed secrets using kubeseal.
   stages: [commit]
+  pass_filenames: false
diff --git a/kubeseal-secrets.py b/kubeseal-secrets.py
new file mode 100644
index 0000000..584cfd1
--- /dev/null
+++ b/kubeseal-secrets.py
@@ -0,0 +1,24 @@
+#!/usr/bin/env python3
+
+import subprocess
+import sys
+from pathlib import Path
+
+def seal_secrets(pattern="*secret*"):
+    secrets = list(Path(".").rglob(pattern))
+    for file in secrets:
+        sealed_file = file.with_suffix(file.suffix + ".sealed.yaml")
+        if not sealed_file.exists():
+            with open(file, "rb") as f:
+                result = subprocess.run(
+                    ["kubeseal", "--format", "yaml"],
+                    input=f.read(),
+                    capture_output=True,
+                    check=True
+                )
+            sealed_file.write_bytes(result.stdout)
+            print(f"Sealed secret created: {sealed_file}")
+
+if __name__ == "__main__":
+    pattern = sys.argv[1] if len(sys.argv) > 1 else "*secret*"
+    seal_secrets(pattern)
diff --git a/kubeseal-secrets.sh b/kubeseal-secrets.sh
deleted file mode 100644
index 65fa83a..0000000
--- a/kubeseal-secrets.sh
+++ /dev/null
@@ -1,14 +0,0 @@
-#!/bin/bash
-
-set -e
-
-pattern="${1:-*secret*}"
-
-secrets=$(find . -type f -name "$pattern")
-for file in $secrets; do
-    sealed_file=${file}.sealed.yaml
-    if [ ! -f $sealed_file ]; then
-        kubeseal --format yaml < "$file" > "$sealed_file"
-        echo "Sealed secret created: $sealed_file"
-    fi
-done
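Review bot: `language: system` with `entry: python3 ./kubeseal-secrets.py` runs the command from the consuming repository's working directory rather than from the hook checkout, so `./kubeseal-secrets.py` will not be found by anyone installing this hook from another repo; the replaced `language: script` resolved the entry relative to the hook repository. Since the new file already carries a `#!/usr/bin/env python3` shebang, the smaller fix is to keep `entry: ./kubeseal-secrets.py` with `language: script` and make the file executable — the diff adds it as mode 100644, which a direct exec would presumably refuse. With `pass_filenames: false` the hook also ignores the staged file list and scans the whole tree, which is worth stating in `description` so users know that unstaged or untracked secret files are sealed too and that the generated `.sealed.yaml` files are not added to the commit automatically.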
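Review bot: `Path(".").rglob(pattern)` in `seal_secrets` yields directories and the hook's own `*.sealed.yaml` outputs as well as plain files, so a directory whose name matches (e.g. `secrets/`) makes `open()` raise `IsADirectoryError`, and on the second run each `x-secret.yaml.sealed.yaml` is itself fed to kubeseal because its own sealed twin does not exist yet — the deleted shell version at least limited itself with `find -type f`. Adding `if not file.is_file() or file.name.endswith(".sealed.yaml"): continue` at the top of the loop closes both. Because both streams are captured and `check=True` is set, a kubeseal failure surfaces only as `CalledProcessError: ... returned non-zero exit status 1` with the real reason buried in `e.stderr`; catching it, writing `e.stderr.decode()` to stderr and exiting non-zero would make the hook diagnosable. The docstring should also note that kubeseal is invoked without `--cert` or `--controller-name`/`--controller-namespace`, so the sealing key is whatever cluster the developer's current kubeconfig context points at; pinning a committed `--cert` file would make the output independent of local kubectl state.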