diff --git a/.github/actions/backend-deploy-job/files/cloudbuild.yaml b/.github/actions/backend-deploy-job/files/cloudbuild.yaml
index 2fa4fe96..0df5a750 100644
--- a/.github/actions/backend-deploy-job/files/cloudbuild.yaml
+++ b/.github/actions/backend-deploy-job/files/cloudbuild.yaml
@@ -40,16 +40,18 @@ steps:
         op inject  -f -i ./devops/vaults.gcp.env -o ./devops/vaults.${env_name}
 
         export VPC_CONNECTOR=$(awk -F '=' '/^VPC_CONNECTOR/ {print $2}' ./devops/vaults.${env_name})
+        export VAL=$(awk '{f1=f2=$0; sub(/=.*/,"",f1); sub(/[^=]+=/,"",f2); printf "- name: %s\n  value: %s\n",f1,f2}' ./devops/vaults.${env_name} | sed 's/\"/\"/g')
+
         if [ "$VPC_CONNECTOR" ]; then
           yq e '.spec.template.metadata.annotations["run.googleapis.com/vpc-access-egress"] = "private-ranges-only" |
                 .spec.template.metadata.annotations["run.googleapis.com/vpc-access-connector"] = env(VPC_CONNECTOR)' \
                 ./devops/gcp/k8s/service.template.yaml > ./devops/gcp/k8s/temp-service.${env_name}.yaml
+          # generate manifest for each environment
+          yq e '.spec.template.spec.containers[0].env += env(VAL)' ./devops/gcp/k8s/temp-service.${env_name}.yaml > ./devops/gcp/k8s/service.${env_name}.yaml
+        else
+          # generate manifest for each environment
+          yq e '.spec.template.spec.template.spec.containers[0].env += env(VAL)' ./devops/gcp/k8s/job.template.yaml > ./devops/gcp/k8s/job.${env_name}.yaml
         fi
-
-        export VAL=$(awk '{f1=f2=$0; sub(/=.*/,"",f1); sub(/[^=]+=/,"",f2); printf "- name: %s\n  value: %s\n",f1,f2}' ./devops/vaults.${env_name} | sed 's/\"/\"/g')
-
-        # generate manifest for each environment
-        yq e '.spec.template.spec.template.spec.containers[0].env += env(VAL)' ./devops/gcp/k8s/job.template.yaml > ./devops/gcp/k8s/job.${env_name}.yaml
       done
 
       targets_full=(${_DEPLOY_FULL_TARGETS})