diff --git a/.github/workflows/vrt-update-apply.yml b/.github/workflows/vrt-update-apply.yml
index 0ae775d886..12326eb4f8 100644
--- a/.github/workflows/vrt-update-apply.yml
+++ b/.github/workflows/vrt-update-apply.yml
@@ -59,6 +59,7 @@ jobs:
           repository: ${{ steps.metadata.outputs.head_repo }}
           ref: ${{ steps.metadata.outputs.head_ref }}
           token: ${{ secrets.ACTIONS_UPDATE_TOKEN }}
+          persist-credentials: false
           fetch-depth: 0
 
       - name: Validate and apply patch
@@ -123,9 +124,10 @@ jobs:
           HEAD_REPO: ${{ steps.metadata.outputs.head_repo }}
           GITHUB_TOKEN: ${{ secrets.ACTIONS_UPDATE_TOKEN }}
         run: |
-          # Configure git to use the token via credential helper (avoids token in URLs/logs)
-          git config --local credential.helper '!f() { echo "username=x-access-token"; echo "password=${GITHUB_TOKEN}"; }; f'
-          git remote set-url origin "https://github.com/${HEAD_REPO}.git"
+          # Use PAT in URL to ensure push triggers CI workflows
+          # Note: GitHub Actions automatically masks secrets in logs
+          git remote set-url origin "https://x-access-token:${GITHUB_TOKEN}@github.com/${HEAD_REPO}.git"
+
           git push origin "HEAD:refs/heads/$HEAD_REF"
           echo "Successfully pushed VRT updates to $HEAD_REPO@$HEAD_REF"
 
diff --git a/upcoming-release-notes/6363.md b/upcoming-release-notes/6363.md
new file mode 100644
index 0000000000..46f50bec7b
--- /dev/null
+++ b/upcoming-release-notes/6363.md
@@ -0,0 +1,6 @@
+---
+category: Maintenance
+authors: [MatissJanis]
+---
+
+Another approach at triggering ci jobs after update-vrt workflow