diff --git a/.github/workflows/cloud-platform-deploy-release.yml b/.github/workflows/cloud-platform-deploy-release.yml
index 7f6b7f8..04cacfb 100644
--- a/.github/workflows/cloud-platform-deploy-release.yml
+++ b/.github/workflows/cloud-platform-deploy-release.yml
@@ -51,10 +51,7 @@ jobs:
         env:
           KUBE_NAMESPACE: ${{ secrets.KUBE_NAMESPACE }}
           KUBE_CLUSTER: ${{ secrets.KUBE_CLUSTER }}
-          SECRET: $(awk '{print substr($0, 19)}' <<< $(kubectl get secrets alfresco-content-services-alfresco-repository-properties-secret -o jsonpath='{.data.alfresco-global\.properties}' | base64 -d)) 2> /dev/null
-          BUCKET_NAME: $(awk '{print substr($0, 0)}' <<< $(kubectl get secrets s3-bucket-output -o jsonpath='{.data.bucket_name}' | base64 -d))
         working-directory: ./alfresco-content-services
-        # shell: bash
         run: |
 
           # See this link how github action secrets are created: https://github.com/ministryofjustice/cloud-platform-terraform-serviceaccount
@@ -65,10 +62,11 @@ jobs:
           kubectl config set-context ${KUBE_CLUSTER} --cluster=${KUBE_CLUSTER} --user=deploy-user --namespace=${KUBE_NAMESPACE}
           kubectl config use-context ${KUBE_CLUSTER}
 
-          # For Alfresco, we only use one single namespace
+          # For Alfresco, a k8s namespace will be an environment
           kubectl config set-context --current --namespace=${KUBE_NAMESPACE}
 
           # Helm will not deploy unless this secret is present. Create a new one if one does not already exist from env section
+          SECRET = $(awk '{print substr($0, 19)}' <<< $(kubectl get secrets alfresco-content-services-alfresco-repository-properties-secret -o jsonpath='{.data.alfresco-global\.properties}' | base64 -d)) 2> /dev/null
           if [ -z ${SECRET} ] 
           then 
             SECRET=$(openssl rand -base64 20)
@@ -77,6 +75,7 @@ jobs:
           echo "===== secret value = ${SECRET}"
 
           # Upgrad an existing release or create a new one if one does not exist
+          BUCKET_NAME = $(awk '{print substr($0, 0)}' <<< $(kubectl get secrets s3-bucket-output -o jsonpath='{.data.bucket_name}' | base64 -d))
           helm upgrade --install alfresco-content-services . --values=./values.yaml \
           --set s3connector.config.bucketName=${BUCKET_NAME} \
           --set global.tracking.sharedsecret=${SECRET} \