diff --git a/.github/workflows/docker-publish.yaml b/.github/workflows/docker-publish.yaml
index cf8c74f..e103b1d 100644
--- a/.github/workflows/docker-publish.yaml
+++ b/.github/workflows/docker-publish.yaml
@@ -29,9 +29,6 @@ jobs:
   run:
     name: Build and publish docker image
     runs-on: ubuntu-latest
-    env:
-      APP_SECRET: ${{ secrets.appSecret }}
-
     steps:
       - uses: docker/login-action@v3
         with:
@@ -40,11 +37,11 @@ jobs:
           password: ${{ secrets.GITHUB_TOKEN }}
 
       - id: app-token
-        if: ${{ inputs.appId && env.APP_SECRET != '' }}
+        if: ${{ inputs.appId }}
         uses: actions/create-github-app-token@v1
         with:
           app-id: ${{ inputs.appId }}
-          private-key: ${{ env.APP_SECRET }}
+          private-key: ${{ secrets.appSecret }}
           owner: ${{ github.repository_owner }}
 
       - uses: actions/checkout@v5
diff --git a/.github/workflows/reusable-ruby-checks.yaml b/.github/workflows/reusable-ruby-checks.yaml
index c95b861..9eb460d 100644
--- a/.github/workflows/reusable-ruby-checks.yaml
+++ b/.github/workflows/reusable-ruby-checks.yaml
@@ -34,8 +34,6 @@ on:
 jobs:
   run:
     runs-on: ubuntu-latest
-    env:
-      APP_SECRET: ${{ secrets.appSecret }}
     defaults:
       run:
         working-directory: ${{ inputs.workingDirectory }}
@@ -48,11 +46,11 @@ jobs:
           password: ${{ secrets.GITHUB_TOKEN }}
 
       - id: app-token
-        if: ${{ inputs.appId && env.APP_SECRET != '' }}
+        if: ${{ inputs.appId }}
         uses: actions/create-github-app-token@v1
         with:
           app-id: ${{ inputs.appId }}
-          private-key: ${{ env.APP_SECRET }}
+          private-key: ${{ secrets.appSecret }}
           owner: ${{ github.repository_owner }}
 
       - uses: actions/checkout@v5
diff --git a/.github/workflows/reusable-ruby-publish-migrated-db.yaml b/.github/workflows/reusable-ruby-publish-migrated-db.yaml
index 41fbc39..0bba606 100644
--- a/.github/workflows/reusable-ruby-publish-migrated-db.yaml
+++ b/.github/workflows/reusable-ruby-publish-migrated-db.yaml
@@ -34,8 +34,6 @@ on:
 jobs:
   run:
     runs-on: ubuntu-latest
-    env:
-      APP_SECRET: ${{ secrets.appSecret }}
     defaults:
       run:
         working-directory: ${{ inputs.workingDirectory }}
@@ -58,11 +56,11 @@ jobs:
           docker exec postgres rm -rf /docker-entrypoint-initdb.d/*
 
       - id: app-token
-        if: ${{ inputs.appId && env.APP_SECRET != '' }}
+        if: ${{ inputs.appId }}
         uses: actions/create-github-app-token@v1
         with:
           app-id: ${{ inputs.appId }}
-          private-key: ${{ env.APP_SECRET }}
+          private-key: ${{ secrets.appSecret }}
           owner: ${{ github.repository_owner }}
 
       - uses: actions/checkout@v5