diff --git a/templates/gitlab-ci-semrel.yml b/templates/gitlab-ci-semrel.yml
index 3d28c55d5a8708994ede071cfc0202f1faf9d57d..48121768a3907e7ad9e3e460d0a4f18597ead49d 100644
--- a/templates/gitlab-ci-semrel.yml
+++ b/templates/gitlab-ci-semrel.yml
@@ -790,6 +790,12 @@ stages:
     log_info "Commit signing setup complete."
   }
 
+  function clear_vault_env() {
+    # unset service container env when Vault variant is enabled (SemRel censors them all due to 'SECRET' in the name)
+    # shellcheck disable=SC2046
+    unset $(env | awk -F '=' '/^VAULT_SECRETS_PROVIDER_/{print $1}' | xargs)
+  }
+
   unscope_variables
   eval_all_secrets
 
@@ -809,6 +815,7 @@ stages:
     - cd "${SEMREL_CONFIG_DIR}"
     - prepare_semantic_release
     - install_semantic_release_plugins
+    - clear_vault_env
   variables:
     # download cache
     XDG_CACHE_HOME: "$CI_PROJECT_DIR/.cache"