diff --git a/.gitea/workflows/lint.yml b/.gitea/workflows/lint.yml
index c119440..4b115fe 100644
--- a/.gitea/workflows/lint.yml
+++ b/.gitea/workflows/lint.yml
@@ -73,7 +73,8 @@ jobs:
           CFG="get-started/csi_recv_router/sdkconfig"
 
           echo "=== Checking for hardcoded secrets ==="
-          if strings "$BIN" | grep -iqE '(password|secret|api_key|apikey)=[^$]'; then
+          if strings "$BIN" | grep -iE '(password|secret|api_key|apikey)=' \
+             | grep -ivE '(auth_secret|secret=%s|secret=\$)'; then
             echo "::error::Potential hardcoded secret found in binary"
             exit 1
           fi