diff --git a/.github/workflows/deploy-staging.yml b/.github/workflows/deploy-staging.yml
index 8dc8c3f..cb14b11 100644
--- a/.github/workflows/deploy-staging.yml
+++ b/.github/workflows/deploy-staging.yml
@@ -82,12 +82,13 @@ jobs:
       - name: Setup SSH
         env:
           SSH_PRIVATE_KEY: ${{ secrets.HETZNER_SSH_KEY }}
-          SSH_HOST: ${{ secrets.HETZNER_HOST }}
+          SSH_HOST: ${{ vars.HETZNER_HOST }}
         run: |
           if [ -z "$SSH_PRIVATE_KEY" ] || [ -z "$SSH_HOST" ]; then
-            echo "FATAL: HETZNER_SSH_KEY oder HETZNER_HOST nicht gesetzt"
+            echo "FATAL: HETZNER_SSH_KEY (secret) oder HETZNER_HOST (var) nicht gesetzt"
             exit 1
           fi
+          echo "Deploying to host: $SSH_HOST"
           mkdir -p ~/.ssh
           printf '%s\n' "$SSH_PRIVATE_KEY" > ~/.ssh/id_ed25519
           chmod 600 ~/.ssh/id_ed25519
@@ -95,16 +96,16 @@ jobs:
 
       - name: Upload artifact zu Hetzner
         env:
-          SSH_HOST: ${{ secrets.HETZNER_HOST }}
-          SSH_USER: ${{ secrets.HETZNER_USER }}
+          SSH_HOST: ${{ vars.HETZNER_HOST }}
+          SSH_USER: ${{ vars.HETZNER_USER }}
         run: |
           scp -i ~/.ssh/id_ed25519 backend-output.tar.gz \
             "$SSH_USER@$SSH_HOST:/srv/rebreak/backend/.output-incoming.tar.gz"
 
       - name: Server-side deploy (extract + migrate + pm2 restart)
         env:
-          SSH_HOST: ${{ secrets.HETZNER_HOST }}
-          SSH_USER: ${{ secrets.HETZNER_USER }}
+          SSH_HOST: ${{ vars.HETZNER_HOST }}
+          SSH_USER: ${{ vars.HETZNER_USER }}
         run: |
           ssh -i ~/.ssh/id_ed25519 "$SSH_USER@$SSH_HOST" \
             'bash /srv/rebreak/scripts/deploy-from-artifact.sh'