diff --git a/app/controllers/hcb/oauth_connections_controller.rb b/app/controllers/hcb/oauth_connections_controller.rb
index 7107590..55df7ec 100644
--- a/app/controllers/hcb/oauth_connections_controller.rb
+++ b/app/controllers/hcb/oauth_connections_controller.rb
@@ -36,8 +36,8 @@ class HCB::OauthConnectionsController < ApplicationController
 
   def hcb_oauth_client
     @hcb_oauth_client ||= OAuth2::Client.new(
-      Rails.application.credentials.dig(:hcb, :client_id),
-      Rails.application.credentials.dig(:hcb, :client_secret),
+      ENV.fetch("HCB_CLIENT_ID"),
+      ENV.fetch("HCB_CLIENT_SECRET"),
       site: "#{hcb_api_base}/api/v4/",
       authorize_url: "oauth/authorize",
       token_url: "oauth/token",
diff --git a/app/models/hcb/oauth_connection.rb b/app/models/hcb/oauth_connection.rb
index 66a96a9..016c983 100644
--- a/app/models/hcb/oauth_connection.rb
+++ b/app/models/hcb/oauth_connection.rb
@@ -28,8 +28,8 @@ class HCB::OauthConnection < ApplicationRecord
 
   def client
     @client ||= HCBV4::Client.from_credentials(
-      client_id: Rails.application.credentials.dig(:hcb, :client_id),
-      client_secret: Rails.application.credentials.dig(:hcb, :client_secret),
+      client_id: ENV.fetch("HCB_CLIENT_ID"),
+      client_secret: ENV.fetch("HCB_CLIENT_SECRET"),
       access_token: access_token,
       refresh_token: refresh_token,
       expires_at: expires_at&.to_i,
diff --git a/app/models/hcb/payment_account.rb b/app/models/hcb/payment_account.rb
index 297d41d..65548d4 100644
--- a/app/models/hcb/payment_account.rb
+++ b/app/models/hcb/payment_account.rb
@@ -38,7 +38,7 @@ class HCB::PaymentAccount < ApplicationRecord
   def create_disbursement!(amount_cents:, memo:)
     result = client.create_disbursement(
       event_id: organization_id,
-      to_organization_id: Rails.application.credentials.dig(:hcb, :recipient_org_id),
+      to_organization_id: ENV.fetch("HCB_RECIPIENT_ORG_ID"),
       amount_cents: amount_cents,
       name: memo,
     )