diff --git a/.github/workflows/gradle-wrapper-validation.yml b/.github/workflows/gradle-wrapper-validation.yml
deleted file mode 100644
index cb3a17f..0000000
--- a/.github/workflows/gradle-wrapper-validation.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-name: "Validate Gradle Wrapper"
-on: [push]
-
-jobs:
- validation:
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v4
- - uses: gradle/wrapper-validation-action@v1
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 20e899c..5cfaff7 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -40,9 +40,10 @@ jobs:
 if: github.ref == 'refs/heads/main'
 environment: Sonatype
 env:
+ ORG_GRADLE_PROJECT_sonatypePass: ${{ secrets.SONATYPE_API_KEY }}
+ ORG_GRADLE_PROJECT_sonatypeUser: ${{ secrets.SONATYPE_USER }}
 SONATYPE_GPG_KEY: ${{ secrets.SONATYPE_GPG_KEY }}
 SONATYPE_GPG_KEY_PASSWORD: ${{ secrets.SONATYPE_GPG_KEY_PASSWORD }}
- SECRETS_KEY: ${{ secrets.SECRETS_KEY }}
 steps:
 - uses: actions/checkout@v4
 - name: Set up JDK 17
@@ -56,7 +57,4 @@ jobs:
 name: kase64_build
 - name: Publish to Sonatype (Maven Central)
 shell: bash
- run: |
- brew install gnupg
- ./scripts/secret decrypt --password ${SECRETS_KEY}
- ./scripts/publish
+ run: ./scripts/publish
diff --git a/.github/workflows/mobsf.yml b/.github/workflows/security.yml
similarity index 76%
rename from .github/workflows/mobsf.yml
rename to .github/workflows/security.yml
index 9cd1fa8..ec0f87e 100644
--- a/.github/workflows/mobsf.yml
+++ b/.github/workflows/security.yml
@@ -1,8 +1,8 @@
-name: MobSF
+name: Security
 on: [push]

 jobs:
- mobile-security:
+ mobfs:
 permissions:
 contents: read # for actions/checkout to fetch code
 security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
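Review bot: The two added `ORG_GRADLE_PROJECT_sonatype*` entries (and the GPG entries kept next to them) live in the job-level `env:`, so every step of the job — `actions/checkout@v4`, the JDK setup, the artifact download — receives the Sonatype credentials in its environment, while only the `Publish to Sonatype (Maven Central)` step in the second hunk uses them. Scoping them to that step limits what a compromised or misbehaving third-party action in the same job could read: add an `env:` key under that step, right above `run: ./scripts/publish`, and move the four secret entries there, keeping the `environment: Sonatype` gate at job level. The enclosing job begins above the first hunk, so its `permissions:` block is not visible here; worth confirming it is limited to what publishing needs.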
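Review bot: The renamed job id `mobfs:` looks like a transposition of `mobsf` — the file it replaces was `mobsf.yml`, the old workflow name was `MobSF`, and the upload step in the next hunk is `Upload mobsfscan report`. Job ids surface in required-status-check settings and run logs, so a misspelling propagates once branch protection references it; suggest `  mobsf:`.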
@@ -20,4 +20,10 @@ jobs:
 - name: Upload mobsfscan report
 uses: github/codeql-action/upload-sarif@v2
 with:
- sarif_file: results.sarif
\ No newline at end of file
+ sarif_file: results.sarif
+
+ gradle-validate:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ - uses: gradle/wrapper-validation-action@v1
\ No newline at end of file
diff --git a/kase64/build.gradle.kts b/kase64/build.gradle.kts
index 63be094..232bb82 100644
--- a/kase64/build.gradle.kts
+++ b/kase64/build.gradle.kts
@@ -88,14 +88,16 @@ publishing {
 }
 }

- repositories {
- maven {
- name = "sonatype"
- credentials {
- username = Secrets.Sonatype.user
- password = Secrets.Sonatype.apiKey
+ if (hasProperty("sonatypeUser") && hasProperty("sonatypePass")) {
+ repositories {
+ maven {
+ name = "sonatype"
+ credentials {
+ username = property("sonatypeUser") as String
+ password = property("sonatypePass") as String
+ }
+ url = uri("https://oss.sonatype.org/service/local/staging/deploy/maven2")
 }
- url = uri("https://oss.sonatype.org/service/local/staging/deploy/maven2")
 }
 }
 }
diff --git a/scripts/publish b/scripts/publish
index 4b4138b..f1da892 100755
--- a/scripts/publish
+++ b/scripts/publish
@@ -1,6 +1,6 @@
 #!/bin/bash
 #
-# Script to publish libary in case a release commit is discovered
+# Script to publish a library in case a release commit is discovered
 #

 SCRIPT_DIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)
diff --git a/scripts/secret b/scripts/secret
deleted file mode 100755
index e55acb4..0000000
--- a/scripts/secret
+++ /dev/null
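Review bot: The new `gradle-validate` job declares no `permissions:`, unlike its sibling `mobfs` job, which pins `contents: read`; unless a workflow-level `permissions:` exists above this hunk (not visible here), the job runs with the repository's default `GITHUB_TOKEN` scopes, which may include write access it never needs. Add `permissions:` / `  contents: read` under `gradle-validate:` before `runs-on`. Both steps reference actions by mutable tag (`@v4`, `@v1`); for a job whose purpose is supply-chain integrity of the wrapper, pinning `gradle/wrapper-validation-action` to a full commit SHA (`@<commit-sha>  # v1`) would be consistent, and it is worth checking whether that action is still maintained under this name before carrying it over. The standalone workflow deleted in this commit had the same shape, so this is inherited rather than a regression.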
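Review bot: The `hasProperty(...)` guard makes a missing credential silently drop the Sonatype repository, so a CI run whose secrets are not configured finishes `publish` with nothing published and no error, and the calling workflow only sees the exit code. In CI these properties come from `${{ secrets.* }}` expansions, which render as an empty string when the secret is undefined — `hasProperty` is then true and empty credentials are sent, so the guard does not cover the most likely misconfiguration either. Read the two values once with `findProperty`, test for blanks, and log when the repository is skipped; the sketch below keeps the `maven {}` body otherwise as in the hunk.
```kotlin
    val sonatypeUser = findProperty("sonatypeUser") as String?
    val sonatypePass = findProperty("sonatypePass") as String?
    if (!sonatypeUser.isNullOrBlank() && !sonatypePass.isNullOrBlank()) {
        repositories {
            maven {
                // … unchanged: name, url …
                credentials {
                    username = sonatypeUser
                    password = sonatypePass
                }
            }
        }
    } else {
        logger.warn("sonatypeUser/sonatypePass not set; Sonatype repository not configured")
    }
```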
@@ -1,74 +0,0 @@
-#!/bin/bash
-#
-# Script to encrypt / decrypt secrets.
-#
-
-SCRIPT_DIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)
-. "${SCRIPT_DIR}/inc.functions.sh"
-
-# Constants
-SECRET_FILES=(
-buildSrc/src/main/kotlin/Secrets.kt
-)
-
-# Functions
-function usage() {
-echo -e "Usage: ${0} [COMMAND]"
-echo -e "Options:"
-echo -e " --password PASSWORD"
-echo -e "Commands:"
-echo -e " decrypt"
-echo -e " encrypt"
-exit 1
-}
-
-# Command-line arguments
-password=
-command=
-files=("${SECRET_FILES[@]}")
-while [[ $# -gt 0 ]]; do
-key="$1"
-case ${key} in
-decrypt)
-command=decrypt
-;;
-encrypt)
-command=encrypt
-;;
- -p | --password)
-password="--passphrase $2"
-shift # past argument
-;;
- -h | --help)
-usage
-;;
-*)
-warn "Unknown option: ${key}"
-usage
-;;
-esac
-shift # past argument or value
-done
-
-# Checks
-[[ -n "${command}" ]] || usage
-
-# Let's roll
-case ${command} in
-decrypt)
-for file in "${files[@]}"; do
-approve "Decrypting ${file}.enc"
-safe gpg --batch --yes ${password} --output "${file}" --decrypt "${file}.gpg"
-if [[ "$(file -b "${file}")" == "data" ]]; then
-rm -f "${file}"
-die "Failed to decrypt ${file}"
-fi
-done
-;;
-encrypt)
-for file in "${files[@]}"; do
-approve "Encrypting ${file}"
-safe gpg --batch --yes ${password} --output "${file}.gpg" --symmetric "${file}"
-done
-;;
-esac