diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 4ae1941e..c607693d 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -119,3 +119,35 @@ jobs:
             Write-Output "::error::$invalidPackages NuGet package(s) failed validation."
             exit 1
           }
+
+  test-secrets:
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: read
+      id-token: write
+
+    steps:
+
+      - uses: grafana/shared-workflows/actions/get-vault-secrets@9f37f656e063f0ad0b0bfc38d49894b57d363936 # get-vault-secrets/v1.2.1
+        id: get-tokens
+        with:
+          export_env: false
+          repo_secrets: |
+            feedz-io-token=feedz-io:token
+            nuget-token=nuget:token
+
+      - name: Check secrets exist
+        shell: pwsh
+        env:
+          FEEDZ_IO_TOKEN: ${{ fromJSON(steps.get-tokens.outputs.secrets).feedz-io-token }}
+          NUGET_TOKEN: ${{ fromJSON(steps.get-tokens.outputs.secrets).nuget-token }}
+        run: |
+          if ([string]::IsNullOrEmpty(${env:FEEDZ_IO_TOKEN})) {
+            echo "::error::Failed to retrieve feedz.io token."
+            exit 1
+          }
+          if ([string]::IsNullOrEmpty(${env:NUGET_TOKEN})) {
+            echo "::error::Failed to retrieve NuGet token."
+            exit 1
+          }
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
index 9590db8a..d4739557 100644
--- a/.github/workflows/dependency-review.yml
+++ b/.github/workflows/dependency-review.yml
@@ -24,4 +24,5 @@ jobs:
       - name: Review dependencies
         uses: actions/dependency-review-action@da24556b548a50705dd671f47852072ea4c105d9 # v4.7.1
         with:
+          allow-dependencies-licenses: 'pkg:githubactions/grafana/shared-workflows/actions/get-vault-secrets'
           allow-licenses: 'Apache-2.0,BSD-3-Clause,MIT'
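Review bot: The new test-secrets job materializes the feedz.io and NuGet publish tokens on every run of this workflow, yet it carries no `if:` guard and the workflow's trigger list is outside the hunk; if `pull_request` is among the triggers, the Vault fetch will typically fail for fork PRs (no OIDC token is issued to them) and for same-repo PRs it hands release credentials to runs that never publish. Consider gating the job on the same condition the publish jobs use, e.g. `if: github.event_name != 'pull_request'`, so credential exposure is bounded to runs that need it. A comment on the job stating its purpose would also help a reader, e.g. `# Fails fast when the Vault-backed publish tokens cannot be fetched, rather than discovering it in a release run.` Separately, the check step uses `echo` where the preceding context in this file uses `Write-Output`; the two are equivalent in pwsh, but the file's existing convention is `Write-Output`.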
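Review bot: The allowance added on the `allow-dependencies-licenses` line is keyed on an unversioned purl, so every future pin of get-vault-secrets is exempted from license review without anyone looking again; a comment recording why it was exempted keeps that deliberate, e.g. `# exempt get-vault-secrets from the license check; purl is unversioned, so later SHA pins stay exempt`. The purl form for an action that lives in a subdirectory of its repository is worth confirming against what dependency-review-action reports in an actual run, since a non-matching purl leaves the exemption silently ineffective while the license failure persists. The enclosing job starts outside the hunk.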