diff --git a/.woodpecker/db.yml b/.woodpecker/db.yml
index 17c36ab..16feb10 100644
--- a/.woodpecker/db.yml
+++ b/.woodpecker/db.yml
@@ -22,9 +22,6 @@ steps:
     commands:
       - apk add --no-cache curl bash coreutils sed python3 openssh-keygen
       - mkdir -p secrets
-      # fetch registry creds
-      - ./ci/vlt kv_to_file kv registry user secrets/REGISTRY_USER 600
-      - ./ci/vlt kv_to_file kv registry password secrets/REGISTRY_PASS 600
       # fetch SSH private key for deploy (base64-encoded) and decode
       - ./ci/vlt kv_to_file kv ops/deploy/ssh_key private_b64 secrets/SSH_KEY.b64 600
       - base64 -d secrets/SSH_KEY.b64 > secrets/SSH_KEY
diff --git a/ci/prod/scripts/deploy-db.sh b/ci/prod/scripts/deploy-db.sh
index c3ee277..483521c 100755
--- a/ci/prod/scripts/deploy-db.sh
+++ b/ci/prod/scripts/deploy-db.sh
@@ -11,17 +11,11 @@ REMOTE_TARGET="${SSH_USER}@${SSH_HOST}"
 ssh -o StrictHostKeyChecking=no "$REMOTE_TARGET" "mkdir -p ${REMOTE_DIR}/{compose,env}"
 rsync -avz --delete ci/prod/compose/ "$REMOTE_TARGET:${REMOTE_DIR}/compose/"
 rsync -avz ci/prod/.env.runtime "$REMOTE_TARGET:${REMOTE_DIR}/env/.env.runtime"
-rsync -avz secrets/REGISTRY_USER "$REMOTE_TARGET:${REMOTE_DIR}/env/.env.registry.user"
-rsync -avz secrets/REGISTRY_PASS "$REMOTE_TARGET:${REMOTE_DIR}/env/.env.registry.pass"
 ssh -o StrictHostKeyChecking=no "$REMOTE_TARGET" REMOTE_DIR="$REMOTE_DIR" <<'EOSSH'
   set -xeuo pipefail
   cd "${REMOTE_DIR}/compose"
   set -a
   . ../env/.env.runtime
-  export REGISTRY_USER="$(cat ../env/.env.registry.user)"
-  export REGISTRY_PASS="$(cat ../env/.env.registry.pass)"
-  mkdir -p ~/.docker
-  echo "${REGISTRY_PASS}" | docker login "${REGISTRY_URL}" --username "${REGISTRY_USER}" --password-stdin >/dev/null
   set +a
   docker compose -f db.yml pull
   docker compose -f db.yml up -d --remove-orphans