diff --git a/.woodpecker.yml b/.woodpecker.yml
index 7445f75..3ea84da 100644
--- a/.woodpecker.yml
+++ b/.woodpecker.yml
@@ -33,8 +33,8 @@ steps:
       - echo "Verifications de securite OK"
 
   # Etape 3a : Ecriture du .env depuis les secrets
-  # BUG Woodpecker next : max 2 from_secret par step, valeur statique obligatoire
-  - name: write-env-1
+  # NOTE: ne pas utiliser ${VAR} dans commands (bug Woodpecker next), utiliser env | grep
+  - name: write-env
     image: alpine:3.20
     environment:
       TEST_STATIC: hello-world
@@ -42,18 +42,16 @@ steps:
         from_secret: ps_domain
       PS_ADMIN_FOLDER:
         from_secret: ps_admin_folder
+      PRESTASHOP_ADMIN_EMAIL:
+        from_secret: prestashop_admin_email
+      PRESTASHOP_ADMIN_PASSWORD:
+        from_secret: prestashop_admin_password
+      DB_ROOT_PASSWORD:
+        from_secret: db_root_password
+      DB_PASSWORD:
+        from_secret: db_password
     commands:
-      - env | grep -E "TEST_STATIC|PS_DOMAIN|PS_ADMIN"
-
-  - name: write-env-2
-    image: alpine:3.20
-    commands:
-      - printf 'PRESTASHOP_ADMIN_EMAIL=PLACEHOLDER\nPRESTASHOP_ADMIN_PASSWORD=PLACEHOLDER\n' >> .env.deploy
-
-  - name: write-env-3
-    image: alpine:3.20
-    commands:
-      - printf 'DB_ROOT_PASSWORD=PLACEHOLDER\nDB_PASSWORD=PLACEHOLDER\n' >> .env.deploy
+      - env | grep -E "^(PS_DOMAIN|PS_ADMIN_FOLDER|PRESTASHOP_ADMIN_EMAIL|PRESTASHOP_ADMIN_PASSWORD|DB_ROOT_PASSWORD|DB_PASSWORD)=" > .env.deploy
       - echo "Fichier .env.deploy cree ($(wc -c < .env.deploy) octets)"
 
   # Etape 3b : Deploiement sur sonic via Docker socket