diff --git a/pkg/workflow/redact_secrets.go b/pkg/workflow/redact_secrets.go
index 10e401fbd4..72d892ea2b 100644
--- a/pkg/workflow/redact_secrets.go
+++ b/pkg/workflow/redact_secrets.go
@@ -88,7 +88,9 @@ func (c *Compiler) generateSecretRedactionStep(yaml *strings.Builder, yamlConten
 	for _, secretName := range secretReferences {
 		// Escape secret name to prevent injection in YAML
 		escapedSecretName := escapeSingleQuote(secretName)
-		yaml.WriteString(fmt.Sprintf("          SECRET_%s: ${{ secrets.%s }}\n", escapedSecretName, escapedSecretName))
+		// Use original secretName in GitHub Actions expression since it's already validated
+		// to only contain safe characters (uppercase letters, numbers, underscores)
+		yaml.WriteString(fmt.Sprintf("          SECRET_%s: ${{ secrets.%s }}\n", escapedSecretName, secretName))
 	}
 }