diff --git a/.github/workflows/build-and-release.yml b/.github/workflows/build-and-release.yml
index 2d266e90..505e7459 100644
--- a/.github/workflows/build-and-release.yml
+++ b/.github/workflows/build-and-release.yml
@@ -240,14 +240,15 @@ jobs:
     # Test-stage quality gate: runs between build and release.
     # continue-on-error keeps it skippable so a failure never blocks release.
     continue-on-error: true
-    if: ${{ github.event_name != 'push' && (github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository) }}
+    # This check needs Vault-backed credentials, so skip it for PR events
+    # and keep it for push / dispatch release flows only.
+    if: ${{ github.event_name != 'pull_request' }}
     steps:
       - name: Checkout source
         uses: actions/checkout@v7
 
       - name: Load Vault secrets
         id: vault
-        if: ${{ github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository }}
         uses: hashicorp/vault-action@v4
         with:
           url: ${{ env.VAULT_ADDR }}