diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index ae5a0e7..0a94b80 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -58,13 +58,13 @@ jobs:
     # - uses: grafana/plugin-actions/build-plugin@release
     #   with:
     #     grafana_token: ${{ secrets.GRAFANA_ACCESS_POLICY_TOKEN }}
-    env:
-        GRAFANA_ACCESS_POLICY_TOKEN: ${{ secrets.GRAFANA_ACCESS_POLICY_TOKEN }}
     steps:
     - name: Sign plugin
       run: npm run sign
       shell: bash
-      if: ${GRAFANA_ACCESS_POLICY_TOKEN} != '' # https://docs.github.com/en/actions/security-guides/using-secrets-in-github-actions#using-secrets-in-a-workflow
+      env:
+        GRAFANA_ACCESS_POLICY_TOKEN: ${{ secrets.GRAFANA_ACCESS_POLICY_TOKEN }}
+      if: $GRAFANA_ACCESS_POLICY_TOKEN != '' # https://docs.github.com/en/actions/security-guides/using-secrets-in-github-actions#using-secrets-in-a-workflow
 
     - name: Get plugin metadata
       id: metadata