diff --git a/templates/packer/ansible/roles/common/files/worker-initialization-scripts/get_aws_creds.sh b/templates/packer/ansible/roles/common/files/worker-initialization-scripts/get_aws_creds.sh
index 09acbf292..22f0b806a 100755
--- a/templates/packer/ansible/roles/common/files/worker-initialization-scripts/get_aws_creds.sh
+++ b/templates/packer/ansible/roles/common/files/worker-initialization-scripts/get_aws_creds.sh
@@ -4,25 +4,32 @@ source /tmp/cloud_init_vars echo "Deploy AWS credentials." -# Deploy the AWS credentials file if the secret ARN was set. -if [[ -n "$AWS_ACCOUNT_IMAGE_BUILDER_ARN" ]]; then - /usr/local/bin/aws secretsmanager get-secret-value \ - --endpoint-url "${SECRETS_MANAGER_ENDPOINT_URL}" \ - --secret-id "${AWS_ACCOUNT_IMAGE_BUILDER_ARN}" | jq -r ".SecretString" > /tmp/aws_credentials.json - ACCESS_KEY_ID=$(jq -r ".access_key_id" /tmp/aws_credentials.json) - SECRET_ACCESS_KEY=$(jq -r ".secret_access_key" /tmp/aws_credentials.json) - rm /tmp/aws_credentials.json - sudo tee /etc/osbuild-worker/aws_credentials.toml > /dev/null << EOF +echo "Write the bucket." +# Always create the header and write the bucket, it's slightly ugly but it will work +sudo tee -a /etc/osbuild-worker/osbuild-worker.toml > /dev/null << EOF +[aws] +bucket = "${WORKER_CONFIG_AWS_BUCKET:-}" +EOF + +if [[ -z "$AWS_ACCOUNT_IMAGE_BUILDER_ARN" ]]; then + echo "AWS_ACCOUNT_IMAGE_BUILDER_ARN not defined, skipping." + exit 0 +fi + +/usr/local/bin/aws secretsmanager get-secret-value \ +--endpoint-url "${SECRETS_MANAGER_ENDPOINT_URL}" \ +--secret-id "${AWS_ACCOUNT_IMAGE_BUILDER_ARN}" | jq -r ".SecretString" > /tmp/aws_credentials.json +ACCESS_KEY_ID=$(jq -r ".access_key_id" /tmp/aws_credentials.json) +SECRET_ACCESS_KEY=$(jq -r ".secret_access_key" /tmp/aws_credentials.json) +rm /tmp/aws_credentials.json + +sudo tee /etc/osbuild-worker/aws_credentials.toml > /dev/null << EOF [default] aws_access_key_id = "$ACCESS_KEY_ID" aws_secret_access_key = "$SECRET_ACCESS_KEY" EOF - sudo tee -a /etc/osbuild-worker/osbuild-worker.toml > /dev/null << EOF -[aws] +sudo tee -a /etc/osbuild-worker/osbuild-worker.toml > /dev/null << EOF credentials = "${WORKER_CONFIG_AWS_CREDENTIALS:-}" -bucket = "${WORKER_CONFIG_AWS_BUCKET:-}" EOF - -fi 
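Review bot: The relocated fetch still stages the secret at the fixed path `/tmp/aws_credentials.json` through a plain `>` redirect, so the access key sits under a predictable name in a shared directory with default-umask permissions. It is also left behind if either `jq` call fails before the `rm`, assuming the script exits on error; its first lines are outside the hunk. Holding the SecretString in a shell variable removes the file altogether, as sketched below. Separately, `sudo tee /etc/osbuild-worker/aws_credentials.toml` creates the long-lived credentials file with the default mode; setting an owner-only mode explicitly would be safer, matched to the user the worker runs as, which this diff does not show.

```shell
# Keep the secret in memory rather than in a fixed path under /tmp.
AWS_CREDS_JSON=$(/usr/local/bin/aws secretsmanager get-secret-value \
  --endpoint-url "${SECRETS_MANAGER_ENDPOINT_URL}" \
  --secret-id "${AWS_ACCOUNT_IMAGE_BUILDER_ARN}" | jq -r ".SecretString")
ACCESS_KEY_ID=$(jq -r ".access_key_id" <<< "$AWS_CREDS_JSON")
SECRET_ACCESS_KEY=$(jq -r ".secret_access_key" <<< "$AWS_CREDS_JSON")
# … unchanged: sudo tee of aws_credentials.toml and the credentials line …
```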
diff --git a/templates/packer/ansible/roles/common/files/worker-initialization-scripts/get_azure_creds.sh b/templates/packer/ansible/roles/common/files/worker-initialization-scripts/get_azure_creds.sh index c2bfbf750..640f8dabc 100755 --- a/templates/packer/ansible/roles/common/files/worker-initialization-scripts/get_azure_creds.sh +++ b/templates/packer/ansible/roles/common/files/worker-initialization-scripts/get_azure_creds.sh @@ -4,6 +4,11 @@ source /tmp/cloud_init_vars echo "Deploy Azure credentials." +if [[ -z "$AZURE_ACCOUNT_IMAGE_BUILDER_ARN" ]]; then + echo "AZURE_ACCOUNT_IMAGE_BUILDER_ARN not defined, skipping." + exit 0 +fi + # Deploy the Azure credentials file. /usr/local/bin/aws secretsmanager get-secret-value \ --endpoint-url "${SECRETS_MANAGER_ENDPOINT_URL}" \ diff --git a/templates/packer/ansible/roles/common/files/worker-initialization-scripts/get_gcp_creds.sh b/templates/packer/ansible/roles/common/files/worker-initialization-scripts/get_gcp_creds.sh index 1ea58ba20..1b8f816a4 100755 --- a/templates/packer/ansible/roles/common/files/worker-initialization-scripts/get_gcp_creds.sh +++ b/templates/packer/ansible/roles/common/files/worker-initialization-scripts/get_gcp_creds.sh @@ -4,6 +4,11 @@ source /tmp/cloud_init_vars echo "Deploy GCP credentials." +if [[ -z "$GCP_SERVICE_ACCOUNT_IMAGE_BUILDER_ARN" ]]; then + echo "GCP_SERVICE_ACCOUNT_IMAGE_BUILDER_ARN not defined, skipping." + exit 0 +fi + # Deploy the GCP Service Account credentials file. /usr/local/bin/aws secretsmanager get-secret-value \ --endpoint-url "${SECRETS_MANAGER_ENDPOINT_URL}" \
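Review bot: The new guard `[[ -z "$AZURE_ACCOUNT_IMAGE_BUILDER_ARN" ]]` only takes the skip path when the variable is defined but empty. If these scripts run with `set -u` (the shell options are outside the hunk, but the `${WORKER_CONFIG_AWS_BUCKET:-}` defaults in get_aws_creds.sh hint at it), a name missing from /tmp/cloud_init_vars aborts with an unbound-variable error instead. Writing it as `[[ -z "${AZURE_ACCOUNT_IMAGE_BUILDER_ARN:-}" ]]` covers both cases; the same applies to the guards added in get_gcp_creds.sh and get_aws_creds.sh. Since `exit 0` makes a missing ARN indistinguishable from a deliberate opt-out, sending the "skipping" message to stderr would make a misconfigured worker that silently comes up without credentials easier to spot.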