diff --git a/.github/workflows/docker-publish.yaml b/.github/workflows/docker-publish.yaml
index 62ff3b4..6b33e3f 100644
--- a/.github/workflows/docker-publish.yaml
+++ b/.github/workflows/docker-publish.yaml
@@ -29,6 +29,8 @@ jobs:
   run:
     name: Build and publish docker image
     runs-on: ubuntu-latest
+    env:
+      APP_SECRET: ${{ secrets.appSecret }}
 
     steps:
       - uses: docker/login-action@v3
@@ -38,11 +40,11 @@ jobs:
           password: ${{ secrets.GITHUB_TOKEN }}
 
       - id: app-token
-        if: ${{ inputs.appId && secrets.appSecret }}
+        if: ${{ inputs.appId && env.APP_SECRET != '' }}
         uses: actions/create-github-app-token@v1
         with:
           app-id: ${{ inputs.appId }}
-          private-key: ${{ secrets.appSecret }}
+          private-key: ${{ env.APP_SECRET }}
           installation-id: ${{ inputs.appInstallationId }}
 
       - uses: actions/checkout@v5
diff --git a/.github/workflows/reusable-ruby-checks.yaml b/.github/workflows/reusable-ruby-checks.yaml
index 18f5ea9..18f6484 100644
--- a/.github/workflows/reusable-ruby-checks.yaml
+++ b/.github/workflows/reusable-ruby-checks.yaml
@@ -34,6 +34,8 @@ on:
 jobs:
   run:
     runs-on: ubuntu-latest
+    env:
+      APP_SECRET: ${{ secrets.appSecret }}
     defaults:
       run:
         working-directory: ${{ inputs.workingDirectory }}
@@ -46,11 +48,11 @@ jobs:
           password: ${{ secrets.GITHUB_TOKEN }}
 
       - id: app-token
-        if: ${{ inputs.appId && secrets.appSecret }}
+        if: ${{ inputs.appId && env.APP_SECRET != '' }}
         uses: actions/create-github-app-token@v1
         with:
           app-id: ${{ inputs.appId }}
-          private-key: ${{ secrets.appSecret }}
+          private-key: ${{ env.APP_SECRET }}
           installation-id: ${{ inputs.appInstallationId }}
 
       - uses: actions/checkout@v5
diff --git a/.github/workflows/reusable-ruby-publish-migrated-db.yaml b/.github/workflows/reusable-ruby-publish-migrated-db.yaml
index 2ee2f58..c9b9acd 100644
--- a/.github/workflows/reusable-ruby-publish-migrated-db.yaml
+++ b/.github/workflows/reusable-ruby-publish-migrated-db.yaml
@@ -34,6 +34,8 @@ on:
 jobs:
   run:
     runs-on: ubuntu-latest
+    env:
+      APP_SECRET: ${{ secrets.appSecret }}
     defaults:
       run:
         working-directory: ${{ inputs.workingDirectory }}
@@ -56,11 +58,11 @@ jobs:
           docker exec postgres rm -rf /docker-entrypoint-initdb.d/*
 
       - id: app-token
-        if: ${{ inputs.appId && secrets.appSecret }}
+        if: ${{ inputs.appId && env.APP_SECRET != '' }}
         uses: actions/create-github-app-token@v1
         with:
           app-id: ${{ inputs.appId }}
-          private-key: ${{ secrets.appSecret }}
+          private-key: ${{ env.APP_SECRET }}
           installation-id: ${{ inputs.appInstallationId }}
 
       - uses: actions/checkout@v5