diff --git a/services/jenkins/deployment.yaml b/services/jenkins/deployment.yaml
index 3c87349..0320b02 100644
--- a/services/jenkins/deployment.yaml
+++ b/services/jenkins/deployment.yaml
@@ -23,20 +23,20 @@ spec:
         vault.hashicorp.com/agent-inject-secret-jenkins-env: "kv/data/atlas/jenkins/jenkins-oidc"
         vault.hashicorp.com/agent-inject-template-jenkins-env: |
           {{- with secret "kv/data/atlas/jenkins/jenkins-oidc" -}}
-          export OIDC_CLIENT_ID='{{ .Data.data.clientId | replace "'" "'\"'\"'" }}'
-          export OIDC_CLIENT_SECRET='{{ .Data.data.clientSecret | replace "'" "'\"'\"'" }}'
-          export OIDC_AUTH_URL='{{ .Data.data.authorizationUrl | replace "'" "'\"'\"'" }}'
-          export OIDC_TOKEN_URL='{{ .Data.data.tokenUrl | replace "'" "'\"'\"'" }}'
-          export OIDC_USERINFO_URL='{{ .Data.data.userInfoUrl | replace "'" "'\"'\"'" }}'
-          export OIDC_LOGOUT_URL='{{ .Data.data.logoutUrl | replace "'" "'\"'\"'" }}'
+          OIDC_CLIENT_ID={{ .Data.data.clientId }}
+          OIDC_CLIENT_SECRET={{ .Data.data.clientSecret }}
+          OIDC_AUTH_URL={{ .Data.data.authorizationUrl }}
+          OIDC_TOKEN_URL={{ .Data.data.tokenUrl }}
+          OIDC_USERINFO_URL={{ .Data.data.userInfoUrl }}
+          OIDC_LOGOUT_URL={{ .Data.data.logoutUrl }}
           {{- end }}
           {{- with secret "kv/data/atlas/jenkins/harbor-robot-creds" -}}
-          export HARBOR_ROBOT_USERNAME='{{ .Data.data.username | replace "'" "'\"'\"'" }}'
-          export HARBOR_ROBOT_PASSWORD='{{ .Data.data.password | replace "'" "'\"'\"'" }}'
+          HARBOR_ROBOT_USERNAME={{ .Data.data.username }}
+          HARBOR_ROBOT_PASSWORD={{ .Data.data.password }}
           {{- end }}
           {{- with secret "kv/data/atlas/jenkins/gitea-pat" -}}
-          export GITEA_PAT_USERNAME='{{ .Data.data.username | replace "'" "'\"'\"'" }}'
-          export GITEA_PAT_TOKEN='{{ .Data.data.token | replace "'" "'\"'\"'" }}'
+          GITEA_PAT_USERNAME={{ .Data.data.username }}
+          GITEA_PAT_TOKEN={{ .Data.data.token }}
           {{- end -}}
     spec:
       serviceAccountName: jenkins
@@ -88,9 +88,8 @@ spec:
             - /bin/sh
             - -c
             - |
-              set -eu
-              . /vault/secrets/jenkins-env
-              exec /usr/bin/tini -- /usr/local/bin/jenkins.sh
+              set -e
+              exec env $(cat /vault/secrets/jenkins-env) /usr/bin/tini -- /usr/local/bin/jenkins.sh
           ports:
             - name: http
               containerPort: 8080