diff --git a/.gitea/workflows/app-continous-deploy.yaml b/.gitea/workflows/app-continous-deploy.yaml
index 4f50e26..c8bc0bf 100644
--- a/.gitea/workflows/app-continous-deploy.yaml
+++ b/.gitea/workflows/app-continous-deploy.yaml
@@ -69,24 +69,22 @@ jobs:
 
           # ensure cleanup always runs
           trap 'rm -f \
-                    deploy/backups/backups/.env.d/secrets \
-                    deploy/backups/backups/.env.d/id_rsa \
-                    deploy/backups/backups/.env.d/borg_key' EXIT
+                    deploy/backups/.env.d/*' EXIT
 
           # setup secrets files
-          echo "PBS_REPOSITORY=${CRONJOBS_BACKUPS_SECRETS_PBS_REPOSITORY}" >> deploy/backups/cronjobs/.env.d/secrets
-          echo "PBS_PASSWORD=${CRONJOBS_BACKUPS_SECRETS_PBS_PASSWORD}" >> deploy/backups/cronjobs/.env.d/secrets
-          echo "PBS_FINGERPRINT=${CRONJOBS_BACKUPS_SECRETS_PBS_FINGERPRINT}" >> deploy/backups/backups/.env.d/secrets
-          echo "BORG_REPO=${CRONJOBS_BACKUPS_SECRETS_BORG_REPO}" >> deploy/backups/cronjobs/.env.d/secrets
-          echo "BORG_PASSPHRASE=${CRONJOBS_BACKUPS_SECRETS_BORG_PASSPHRASE}" >> deploy/backups/cronjobs/.env.d/secrets
-          echo "OFFSITE_TARGET_FOLDER=${CRONJOBS_BACKUPS_SECRETS_OFFSITE_TARGET_FOLDER}" >> deploy/backups/cronjobs/.env.d/secrets
-          echo "${CRONJOBS_BACKUPS_SECRETS_ID_RSA}" >> deploy/backups/cronjobs/.env.d/id_rsa
-          echo "${CRONJOBS_BACKUPS_SECRETS_BORG_KEY}" >> deploy/backups/cronjobs/.env.d/borg_key
+          echo "PBS_REPOSITORY=${CRONJOBS_BACKUPS_SECRETS_PBS_REPOSITORY}" >> deploy/backups/.env.d/secrets
+          echo "PBS_PASSWORD=${CRONJOBS_BACKUPS_SECRETS_PBS_PASSWORD}" >> deploy/backups/.env.d/secrets
+          echo "PBS_FINGERPRINT=${CRONJOBS_BACKUPS_SECRETS_PBS_FINGERPRINT}" >> deploy/backups/.env.d/secrets
+          echo "BORG_REPO=${CRONJOBS_BACKUPS_SECRETS_BORG_REPO}" >> deploy/backups/.env.d/secrets
+          echo "BORG_PASSPHRASE=${CRONJOBS_BACKUPS_SECRETS_BORG_PASSPHRASE}" >> deploy/backups/.env.d/secrets
+          echo "OFFSITE_TARGET_FOLDER=${CRONJOBS_BACKUPS_SECRETS_OFFSITE_TARGET_FOLDER}" >> deploy/backups/.env.d/secrets
+          echo "${CRONJOBS_BACKUPS_SECRETS_ID_RSA}" >> deploy/backups/.env.d/id_rsa
+          echo "${CRONJOBS_BACKUPS_SECRETS_BORG_KEY}" >> deploy/backups/.env.d/borg_key
           
           # enforce secrets files security
-          chmod 600 deploy/backups/cronjobs/.env.d/secrets
-          chmod 600 deploy/backups/cronjobs/.env.d/id_rsa
-          chmod 600 deploy/backups/cronjobs/.env.d/borg_key
+          chmod 600 deploy/backups/.env.d/secrets
+          chmod 600 deploy/backups/.env.d/id_rsa
+          chmod 600 deploy/backups/.env.d/borg_key
 
           # invoke deploy script
           ops-scripts/apply-app.sh