diff --git a/docs/generated/checks.md b/docs/generated/checks.md
index 772475bc0..1ea5f414b 100644
--- a/docs/generated/checks.md
+++ b/docs/generated/checks.md
@@ -222,7 +222,7 @@ IgnoredSecrets: [] **Parameters**: ```yaml -name: (?i).*secret.* +name: (?i).*secret([^s].*|$) value: .+ ``` ## exposed-services
diff --git a/pkg/builtinchecks/yamls/env-var-secret.yaml b/pkg/builtinchecks/yamls/env-var-secret.yaml
index 80cca27c1..1cdbc9801 100644
--- a/pkg/builtinchecks/yamls/env-var-secret.yaml
+++ b/pkg/builtinchecks/yamls/env-var-secret.yaml
@@ -8,5 +8,5 @@ scope:
 - DeploymentLike
 template: "env-var"
 params:
- name: "(?i).*secret.*"
+ name: "(?i).*secret([^s].*|$)"
 value: ".+"
diff --git a/tests/checks/env-var-secret.yml b/tests/checks/env-var-secret.yml
index 36be6fba3..9468f12b6 100644
--- a/tests/checks/env-var-secret.yml
+++ b/tests/checks/env-var-secret.yml
@@ -27,6 +27,19 @@ spec:
 ---
 apiVersion: apps/v1
 kind: Deployment
+metadata:
+ name: secrets-dir
+spec:
+ template:
+ spec:
+ containers:
+ - name: app
+ env:
+ - name: SECRETS_DIR
+ value: /mnt/secrets
+---
+apiVersion: apps/v1
+kind: Deployment
 metadata:
 name: app
 spec:
@@ -49,4 +62,4 @@ spec:
 - name: app
 env:
 - name: SECRET_BLAH
- value: secretsquirrels
\ No newline at end of file
+ value: secretsquirrels
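Review bot: In `pkg/builtinchecks/yamls/env-var-secret.yaml`, the new `name` pattern stops reporting every variable whose name has an `s` directly after `secret`, not only directory-style names such as `SECRETS_DIR`. A name like `API_SECRETS` (constructed example) with an inline value contains no `secret` followed by a non-`s` character or by the end of the name, so it now passes unflagged, which is a false negative for a check meant to catch inline secrets. Keeping a trailing plural in scope narrows that gap: `name: "(?i).*secret(s?$|[^s].*)"`. Names such as `SECRETS_JSON` would still be skipped, so the check's description, which sits above this hunk and is not visible here, should state the exclusion.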
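Review bot: The `secrets-dir` Deployment added in the first hunk of `tests/checks/env-var-secret.yml` is not marked as a negative case, and no expectation change is visible in this diff, so it cannot be confirmed from the page that the harness asserts `SECRETS_DIR` goes unreported. A comment directly after the `---` separator, such as `# negative case: SECRETS_DIR holds a mount path and must not be reported`, would record the intent. The fixture covers only the name the pattern is meant to skip; a companion object with a plural name and an inline value would pin which side of the boundary such names fall on. The trailing `spec:` context belongs to the next Deployment, whose body continues outside the hunk.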