diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 3e66fda..b43a115 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -36,13 +36,13 @@ jobs:
           load: true
       - uses: docker/login-action@v3
         with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          username: ${{ vars.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
         if: github.event_name == 'push'
       - uses: docker/metadata-action@v5
         id: meta
         with:
-          images: ${{ secrets.DOCKERHUB_USERNAME }}/fishnet
+          images: ${{ vars.DOCKERHUB_USERNAME }}/fishnet
           tags: |
             type=ref,event=branch
             type=semver,pattern={{major}}
@@ -104,7 +104,7 @@ jobs:
       - uses: signpath/github-action-submit-signing-request@v0.4
         with:
           api-token: ${{ secrets.SIGNPATH_API_TOKEN }}
-          organization-id: 5f88bd6d-9f02-4053-af25-77474c4957e8
+          organization-id: ${{ vars.SIGNPATH_ORGANIZATION_ID }}
           project-slug: 'fishnet'
           signing-policy-slug: ${{ startsWith(github.ref, 'refs/tags/v') && 'release-signing' || 'test-signing' }}
           github-artifact-id: ${{ steps.upload-unsigned-artifact.outputs.artifact-id }}