diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml
index 3c4608a..750f6a9 100644
--- a/.github/workflows/pr.yml
+++ b/.github/workflows/pr.yml
@@ -17,6 +17,7 @@ jobs:
       contents: read
     outputs:
       env_vars: ${{ steps.credentials.outputs.env_vars }}
+      secret_env_vars: ${{ steps.credentials.outputs.secret_env_vars}}
     steps:
       - name: Output encoded credentials
         id: credentials
@@ -25,9 +26,10 @@ jobs:
           AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
           AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
           env_vars: ${{ secrets.AZURE_CLIENT_ID }},${{ secrets.AZURE_CLIENT_SECRET }},${{ secrets.AZURE_TENANT_ID }}
+          secret_env_vars: ${{ secrets.AZURE_CLIENT_ID }},${{ secrets.AZURE_CLIENT_SECRET }},${{ secrets.AZURE_TENANT_ID }}
         run: |
           echo "env_vars=$(echo $env_vars | base64 -w0 | base64 -w0)" >> $GITHUB_OUTPUT
-
+          echo "secret_env_vars=$(echo $secret_env_vars | base64 -w0 | base64 -w0)" >> $GITHUB_OUTPUT
   call_central_workflow:
     name: CI
     # uses: salt-extensions/central-artifacts/.github/workflows/ci.yml@main
@@ -36,6 +38,7 @@ jobs:
     with:
       setup-vault: true
       env_vars: ${{ needs.credentials.outputs.env_vars }}
+    secrets: inherit
     permissions:
       contents: write
       pull-requests: read