diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index a7b0430e6a2c3ca93302a6bebeb9a84ef6725459..54c492ad17d5194879a8e2aa8c8488ce33f111a0 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -151,10 +151,11 @@ deployment-test:
         - echo "$DEV_DOCKER_CA_CERT" > $DOCKER_CERT_PATH/ca.pem
         - echo "$DEV_DOCKER_CLIENT_CERT" > $DOCKER_CERT_PATH/cert.pem
         - echo "$DEV_DOCKER_CLIENT_KEY" > $DOCKER_CERT_PATH/key.pem
-    script:
+        - if [[ -d "$MODIFIED_IMAGE/secrets" ]]; then ./decrypt-secrets.sh; done
         - echo $REGISTRY_PASSWORD | docker login $REGISTRY -u $REGISTRY_USERNAME --password-stdin
         - docker pull $REGISTRY/ci-builds/$CI_COMMIT_SHA:latest
         - docker tag $REGISTRY/ci-builds/$CI_COMMIT_SHA:latest  $MODIFIED_IMAGE_FULL
+    script:        
         - cd $MODIFIED_IMAGE
         - sed -i -e  s/picasoft.net/test.picasoft.net/g docker-compose.yml
         - if [[ $(docker container ls --format "{{.Names}}" | grep $CONTAINER_NAME) ]]; then docker stop $CONTAINER_NAME | xargs docker rm; fi
@@ -190,10 +191,11 @@ deployment-prod:
         - echo "$DOCKER_CA_CERT_VARIABLE" > $DOCKER_CERT_PATH/ca.pem
         - echo "$DOCKER_CLIENT_CERT_VARIABLE" > $DOCKER_CERT_PATH/cert.pem
         - echo "$DOCKER_CLIENT_KEY_VARIABLE" > $DOCKER_CERT_PATH/key.pem
-    script:
+        - if [[ -d "$MODIFIED_IMAGE/secrets" ]]; then ./decrypt-secrets.sh; done
         - echo $REGISTRY_PASSWORD | docker login $REGISTRY -u $REGISTRY_USERNAME --password-stdin
         - docker pull $REGISTRY/ci-builds/$CI_COMMIT_SHA:latest
         - docker tag $REGISTRY/ci-builds/$CI_COMMIT_SHA:latest  $MODIFIED_IMAGE_FULL
+    script:
         - cd $MODIFIED_IMAGE
         - if [[ $(docker container ls --format "{{.Names}}" | grep $CONTAINER_NAME) ]]; then docker stop $CONTAINER_NAME | xargs docker rm; fi
         - docker-compose up -d --force-recreate --remove-orphans $CONTAINER_NAME
diff --git a/decrypt-secrets.sh b/decrypt-secrets.sh
index f5081cc7ca303091f6006959eaa1a5df9659f3ca..eaa4d9a32b2f09a77c65cf2496fc5c22b0f0e561 100644
--- a/decrypt-secrets.sh
+++ b/decrypt-secrets.sh
@@ -19,7 +19,6 @@ echo $SECRETS_PATH
 for container_secrets_folder in $SECRETS_PATH/*;
 do
     CONTAINER_NAME=$(basename $container_secrets_folder)
-    echo "decrypt loop"
     for encrypted_secret in $container_secrets_folder/*;
     do
         SECRET_NAME=$(basename $encrypted_secret) 
diff --git a/pica-etherpad/clair-whitelist.yml b/pica-etherpad/clair-whitelist.yml
index 4fafe750533b7190fadef4a77f97c91b67bebcb8..3e2f6a71ca76b8589ce080fe31db03bf1899fad9 100644
--- a/pica-etherpad/clair-whitelist.yml
+++ b/pica-etherpad/clair-whitelist.yml
@@ -20,4 +20,4 @@ generalwhitelist:
     CVE-2017-12424: shadow -> Pas de contre mesure
     CVE-2018-6954: systemd -> Pas de contre mesure
     CVE-2018-15686: systemd -> Pas de contre mesure
-    CVE-2018-6797: Perl est une dépendance du client mysql et la version non vulnérable dans stretch n'a pas été backportée -> Pas de contre-mesure
\ No newline at end of file
+    CVE-2018-6797: Perl est une dépendance du client mysql et la version non vulnérable dans stretch n'a pas été backportée -> Pas de contre-mesure 
\ No newline at end of file