diff --git a/.github/workflows/publish.lib.yaml b/.github/workflows/publish.lib.yaml
index 5184674..4e38ccf 100644
--- a/.github/workflows/publish.lib.yaml
+++ b/.github/workflows/publish.lib.yaml
@@ -3,8 +3,8 @@ name: Publish
 on:
   workflow_call:
     inputs:
-      owner:
-        description: 'Owner of the repository'
+      private-key:
+        description: 'Private key for creating the GitHub App token'
         required: true
         type: string
 
@@ -25,8 +25,7 @@ jobs:
         with:
           # required
           app-id: 1312871
-          private-key: ${{ secrets.OPENMCP_CI_APP_PRIVATE_KEY }}
-          owner: ${{ inputs.owner }}
+          private-key: ${{ inputs.private-key }}
 
       - name: Checkout code
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
diff --git a/.github/workflows/release.lib.yaml b/.github/workflows/release.lib.yaml
index dbf61a3..3525663 100644
--- a/.github/workflows/release.lib.yaml
+++ b/.github/workflows/release.lib.yaml
@@ -2,6 +2,11 @@ name: Versioned Release
 
 on:
   workflow_call:
+    inputs:
+      private-key:
+        description: 'Private key for creating the GitHub App token'
+        required: true
+        type: string
 
 permissions:
   contents: write # we need this to be able to push tags
@@ -18,7 +23,7 @@ jobs:
         with:
           # required
           app-id: 1312871
-          private-key: ${{ secrets.OPENMCP_CI_APP_PRIVATE_KEY }}
+          private-key: ${{ inputs.private-key }}
 
       - name: Checkout code
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4