diff --git a/infrastructure/ansible/deploy_logic_pull.yml b/infrastructure/ansible/deploy_logic_pull.yml
index 1fcccba..e13b4f3 100644
--- a/infrastructure/ansible/deploy_logic_pull.yml
+++ b/infrastructure/ansible/deploy_logic_pull.yml
@@ -41,12 +41,12 @@
       {# Fallback: Wenn app_secrets direkt die Daten sind oder in 'secret'/'data' stecken #}
       {% set final_secrets = app_secrets.secret | default(app_secrets.data | default(app_secrets)) %}
       {% if final_secrets is mapping %}
-        {% for key, value in final_secrets.items() %}
-          {# Filtere Meta-Daten raus, falls wir doch das falsche Level erwischt haben #}
-          {% if key not in ['data', 'metadata', 'auth', 'lease_id', 'lease_duration', 'renewable', 'request_id', 'wrap_info', 'warnings', 'raw'] %}
-            {{ key | trim }}={{ value }}
-          {% endif %}
-        {% endfor %}
+      {% for key, value in final_secrets.items() %}
+      {# Filtere Meta-Daten raus #}
+      {% if key not in ['data', 'metadata', 'auth', 'lease_id', 'lease_duration', 'renewable', 'request_id', 'wrap_info', 'warnings', 'raw'] %}
+      {{ key | trim }}={{ value }}
+      {% endif %}
+      {% endfor %}
       {% endif %}
     mode: '0600'
   when: catalog_entry.stat.exists and app_item.has_secrets | default(false) and app_secrets is defined and app_secrets | length > 0
diff --git a/infrastructure/ansible/deploy_logic_push.yml b/infrastructure/ansible/deploy_logic_push.yml
index 747feca..91ef93b 100644
--- a/infrastructure/ansible/deploy_logic_push.yml
+++ b/infrastructure/ansible/deploy_logic_push.yml
@@ -54,12 +54,12 @@
       {# Fallback: Wenn app_secrets direkt die Daten sind oder in 'secret'/'data' stecken #}
       {% set final_secrets = app_secrets.secret | default(app_secrets.data | default(app_secrets)) %}
       {% if final_secrets is mapping %}
-        {% for key, value in final_secrets.items() %}
-          {# Filtere Meta-Daten raus, falls wir doch das falsche Level erwischt haben #}
-          {% if key not in ['data', 'metadata', 'auth', 'lease_id', 'lease_duration', 'renewable', 'request_id', 'wrap_info', 'warnings', 'raw'] %}
-            {{ key | trim }}={{ value }}
-          {% endif %}
-        {% endfor %}
+      {% for key, value in final_secrets.items() %}
+      {# Filtere Meta-Daten raus #}
+      {% if key not in ['data', 'metadata', 'auth', 'lease_id', 'lease_duration', 'renewable', 'request_id', 'wrap_info', 'warnings', 'raw'] %}
+      {{ key | trim }}={{ value }}
+      {% endif %}
+      {% endfor %}
       {% endif %}
     mode: '0600'
   when: app_item.has_secrets | default(false) and app_secrets | length > 0