diff --git a/.woodpecker.yml b/.woodpecker.yml
index 4b30dfe..8ed9b98 100644
--- a/.woodpecker.yml
+++ b/.woodpecker.yml
@@ -1,5 +1,5 @@
 steps:
- - name: test-vault
+ - name: fetch-secrets
 image: hashicorp/vault:latest
 environment:
 VAULT_ADDR:
@@ -9,9 +9,16 @@ steps:
 VAULT_SECRET_ID:
 from_secret: vault_secret_id
 commands:
- - echo "=== Authenticating with Vault via AppRole ==="
 - export VAULT_TOKEN=$(vault write -field=token auth/approle/login role_id=$VAULT_ROLE_ID secret_id=$VAULT_SECRET_ID)
- - echo "Auth successful"
- - echo "=== Reading secrets from projects/test/demo ==="
- - vault kv get projects/test/demo
- - echo "=== Vault integration works! ==="
+ - vault kv get -format=json projects/test/demo | jq -r '.data.data | to_entries[] | "export \(.key)=\(.value)"' > .env.vault
+ - echo "Fetched secrets:"
+ - cat .env.vault
+
+ - name: use-secrets
+ image: alpine
+ commands:
+ - source .env.vault
+ - echo "APP_NAME=$APP_NAME"
+ - echo "DB_HOST=$DB_HOST"
+ - echo "DB_PASS length=$(echo -n $DB_PASS | wc -c) chars"
+ - echo "Secrets are available in any step via .env.vault"
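Review bot: The added `cat .env.vault` in the fetch-secrets step writes every value read from projects/test/demo into the build log in plaintext; these values are fetched at runtime rather than declared through `from_secret`, so log masking most likely does not cover them. Drop that line together with the `echo "Fetched secrets:"` before it, or print only the key names. The jq filter also emits `export KEY=value` unquoted and use-secrets then runs `source .env.vault`, so a value containing spaces or shell metacharacters is interpreted as shell instead of data; quoting it with `"export \(.key)=\(.value|@sh)"` keeps it a literal. The file also stays in the shared workspace for every later step, so it should be deleted once consumed and kept out of artifacts and caches, and because the pipe has no failure check a failed `vault kv get` leaves an empty .env.vault while the step still passes.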