diff --git a/.gitea/workflows/deploy.yml b/.gitea/workflows/deploy.yml
index 0614a74..21fc6da 100644
--- a/.gitea/workflows/deploy.yml
+++ b/.gitea/workflows/deploy.yml
@@ -10,6 +10,13 @@ jobs:
     name: Deploy website via rsync over SSH
     runs-on: [self-hosted, linux]
 
+    env:
+      DEPLOY_KEY: ${{ secrets.DEPLOY_KEY }}
+      DEPLOY_USER: ${{ secrets.DEPLOY_USER }}
+      DEPLOY_HOST: ${{ secrets.DEPLOY_HOST }}
+      DEPLOY_PORT: ${{ secrets.DEPLOY_PORT }}
+      DEPLOY_PATH: ${{ secrets.DEPLOY_PATH }}
+
     steps:
       - name: Checkout repository
         uses: actions/checkout@v3
@@ -32,12 +39,9 @@ jobs:
           mkdir -p ~/.ssh
           chmod 700 ~/.ssh
 
-          echo "Writing private key..."
-          # Rebuild key safely (handles single-line or escaped secrets)
-          echo "$DEPLOY_KEY" | tr -d '\r' | awk 'BEGIN {RS="\\n"} {print}' > ~/.ssh/id_ed25519
+          echo "$DEPLOY_KEY" > ~/.ssh/id_ed25519
           chmod 600 ~/.ssh/id_ed25519
 
-          echo "Adding ${DEPLOY_HOST}:${DEPLOY_PORT} to known_hosts..."
           ssh-keyscan -p "$DEPLOY_PORT" -H "$DEPLOY_HOST" >> ~/.ssh/known_hosts 2>/dev/null
           echo "SSH setup complete."
         shell: bash