diff --git a/.gitea/workflows/deploy.yml b/.gitea/workflows/deploy.yml
index e5823db..901d420 100644
--- a/.gitea/workflows/deploy.yml
+++ b/.gitea/workflows/deploy.yml
@@ -13,17 +13,20 @@ jobs:
         uses: appleboy/ssh-action@v1.0.0
         env:
           VAULT_PASS: ${{ secrets.ANSIBLE_VAULT_PASSWORD }}
+          DEPLOY_PATH: ${{ secrets.DEPLOY_PATH }}
         with:
           host: ${{ secrets.SSH_HOST }}
           username: ${{ secrets.SSH_USER }}
           key: ${{ secrets.SSH_PRIVATE_KEY }}
           port: 22
-          envs: VAULT_PASS
+          envs: VAULT_PASS,DEPLOY_PATH
           script: |
-            set -e
-            cd ${{ secrets.DEPLOY_PATH }}
-            VAULT_FILE="$(mktemp)"
-            trap 'rm -f "$VAULT_FILE"' EXIT
-            printf '%s' "$VAULT_PASS" > "$VAULT_FILE"
-            chmod 600 "$VAULT_FILE"
-            ansible-playbook ansible/deploy.yml -i ansible/hosts.ini --vault-password-file "$VAULT_FILE"
+            bash -c '
+              set -e
+              cd "$DEPLOY_PATH"
+              VAULT_FILE="$(mktemp)"
+              trap "rm -f \"$VAULT_FILE\"" EXIT
+              printf "%s" "$VAULT_PASS" > "$VAULT_FILE"
+              chmod 600 "$VAULT_FILE"
+              ansible-playbook ansible/deploy.yml -i ansible/hosts.ini --vault-password-file "$VAULT_FILE"
+            '