diff --git a/.gitea/workflows/infisical-secrets.yml b/.gitea/workflows/infisical-secrets.yml
index 83afdb9..3928e78 100644
--- a/.gitea/workflows/infisical-secrets.yml
+++ b/.gitea/workflows/infisical-secrets.yml
@@ -11,22 +11,21 @@ jobs:
     steps:
       - name: Force DNS resolution
         run: |
-          # Install dnsutils to get the 'dig' command
-          sudo apt-get update && sudo apt-get install -y dnsutils
+          # Install dnsutils for 'dig' and jq for JSON processing
+          sudo apt-get update && sudo apt-get install -y dnsutils jq
           
           # Dynamically fetch the public IP to handle dynamic DNS
-          # We query Cloudflare DNS (1.1.1.1) to ignore local/Tailscale records
           PUBLIC_IP=$(dig +short @1.1.1.1 infisical.lemarechal.eu | tail -n1)
           echo "Public IP found: $PUBLIC_IP"
           echo "$PUBLIC_IP infisical.lemarechal.eu" | sudo tee -a /etc/hosts
 
-      - name: Debug Secret Fetch (curl)
+      - name: Fetch and Inject Secrets
         env:
           CLIENT_ID: ${{ secrets.INFISICAL_CLIENT_ID }}
           CLIENT_SECRET: ${{ secrets.INFISICAL_CLIENT_SECRET }}
           PROJECT_ID: ${{ secrets.INFISICAL_PROJECT_ID }}
         run: |
-          echo "Logging in..."
+          echo "Logging in to Infisical..."
           LOGIN_RES=$(curl -s -X POST https://infisical.lemarechal.eu/api/v1/auth/universal-auth/login \
             -H "Content-Type: application/json" \
             -d "{\"clientId\": \"$CLIENT_ID\", \"clientSecret\": \"$CLIENT_SECRET\"}")
@@ -40,24 +39,17 @@ jobs:
           
           echo "✅ Login successful. Fetching secrets..."
           
-          # Attempt to fetch secrets to see the 400 error message
-          # Note: workspaceId is the Project ID
+          # Fetch raw secrets from the verified v3 endpoint
           FETCH_RES=$(curl -s -X GET "https://infisical.lemarechal.eu/api/v3/secrets/raw?workspaceId=$PROJECT_ID&environment=prod&secretPath=%2FDiscord_bot" \
             -H "Authorization: Bearer $TOKEN")
           
-          echo "Secrets API Response: $FETCH_RES"
+          # Inject secrets into GITEA_ENV to make them available for subsequent steps
+          # We use jq to format them as KEY=VALUE pairs
+          echo "$FETCH_RES" | jq -r '.secrets[] | "\(.secretKey)=\(.secretValue)"' >> $GITEA_ENV
+          echo "✅ Secrets successfully fetched and injected."
 
-      - name: Fetch Secrets from Infisical
-        uses: https://github.com/Infisical/secrets-action@v1.0.7
-        with:
-          client-id: ${{ secrets.INFISICAL_CLIENT_ID }}
-          client-secret: ${{ secrets.INFISICAL_CLIENT_SECRET }}
-          project-id: ${{ secrets.INFISICAL_PROJECT_ID }}
-          env-slug: prod
-          secret-path: /Discord_bot
-          domain: https://infisical.lemarechal.eu
-
-      - name: Display Secrets
+      - name: Display Secrets (Masked)
         run: |
           echo "Secrets fetched and injected as environment variables."
+          # Gitea will automatically mask the values of these variables in the logs
           env | grep -v "GITHUB_" | grep -v "GITEA_" | sort