diff --git a/.github/workflows/on-helm-release-pr-merged.yml b/.github/workflows/on-helm-release-pr-merged.yml
index 9f107bfefd..4d1dde5939 100644
--- a/.github/workflows/on-helm-release-pr-merged.yml
+++ b/.github/workflows/on-helm-release-pr-merged.yml
@@ -8,35 +8,20 @@ on:
 - helm/oncall/Chart.yaml
 
 jobs:
- get-irm-app-token:
- runs-on: ubuntu-latest
- outputs:
- token: ${{ steps.generate-token.outputs.token }}
- steps:
- - name: Get Vault secrets
- id: get-secrets
- uses: grafana/shared-workflows/actions/get-vault-secrets@main
- with:
- repo_secrets: |
- GH_APP_ID=github-app:app-id
- GH_APP_PRIVATE_KEY=github-app:private-key
-
- - name: Generate Github App token
- id: generate-token
- uses: actions/create-github-app-token@v1
- with:
- app-id: ${{ env.GH_APP_ID }}
- private-key: ${{ env.GH_APP_PRIVATE_KEY }}
- owner: grafana
- repositories: "helm-charts"
-
+ # NOTE: unfortunately we need to store GH_APP_ID and GH_APP_PRIVATE_KEY as repository secrets
+ # (even though we already store them in Vault), because GitHub does not allow passing the `token` output
+ # of the `actions/create-github-app-token` action ACROSS jobs.
+ #
+ # Because grafana/helm-charts/.github/workflows/update-helm-repo.yaml is a reusable workflow, and not a composite
+ # action, there is no way to run job steps before the reusable workflow to do so within the same job.
+ #
+ # see https://github.com/actions/create-github-app-token/issues/66 for more details
 call-update-helm-repo:
 uses: grafana/helm-charts/.github/workflows/update-helm-repo.yaml@main
- needs:
- - get-irm-app-token
 with:
 charts_dir: helm
 cr_configfile: helm/cr.yaml
 ct_configfile: helm/ct.yaml
 secrets:
- helm_repo_token: ${{ needs.get-irm-app-token.outputs.token }}
+ github_app_id: ${{ secrets.GH_APP_ID }}
+ github_app_pem: ${{ secrets.GH_APP_PRIVATE_KEY }}
diff --git a/helm/oncall/Chart.yaml b/helm/oncall/Chart.yaml
index a39062a80c..1362b78265 100644
--- a/helm/oncall/Chart.yaml
+++ b/helm/oncall/Chart.yaml
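Review bot: `github_app_pem: ${{ secrets.GH_APP_PRIVATE_KEY }}` hands the GitHub App's long-lived private key to a reusable workflow referenced by the mutable ref `@main`, whereas the removed job passed only a short-lived installation token limited to `repositories: "helm-charts"`. Any later change to `update-helm-repo.yaml` on that branch would run with the key, so pin the call to a reviewed commit, e.g. `uses: grafana/helm-charts/.github/workflows/update-helm-repo.yaml@<full-commit-sha>`. The token scoping that `owner` and `repositories` provided now has to be enforced inside the called workflow, which is not visible in this diff and should be confirmed. The NOTE comment could also record that the key now lives in two places, for example `# keep the GH_APP_* repository secrets in sync with Vault when the key is rotated`.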
@@ -2,8 +2,8 @@ apiVersion: v2
 name: oncall
 description: Developer-friendly incident response with brilliant Slack integration
 type: application
-version: 1.9.27
-appVersion: v1.9.27
+version: 1.9.29
+appVersion: v1.9.29
 dependencies:
 - name: cert-manager
 version: v1.8.0