diff --git a/.github/workflows/staging-testflight-build.yml b/.github/workflows/staging-testflight-build.yml
index c27aaafa..98f65d0f 100644
--- a/.github/workflows/staging-testflight-build.yml
+++ b/.github/workflows/staging-testflight-build.yml
@@ -56,12 +56,6 @@ jobs:
           bundle config set path vendor/bundle
           bundle install --jobs 4 --retry 3
 
-      - name: Clear runner AWS profile overrides
-        if: ${{ !inputs.dry_run }}
-        run: |
-          echo "AWS_PROFILE=" >> "$GITHUB_ENV"
-          echo "AWS_DEFAULT_PROFILE=" >> "$GITHUB_ENV"
-
       - name: Configure AWS credentials via OIDC
         if: ${{ !inputs.dry_run }}
         uses: aws-actions/configure-aws-credentials@v4
diff --git a/.github/workflows/testflight-build.yml b/.github/workflows/testflight-build.yml
index ec0be5ed..df754889 100644
--- a/.github/workflows/testflight-build.yml
+++ b/.github/workflows/testflight-build.yml
@@ -55,12 +55,6 @@ jobs:
           bundle config set path vendor/bundle
           bundle install --jobs 4 --retry 3
 
-      - name: Clear runner AWS profile overrides
-        if: ${{ !inputs.dry_run }}
-        run: |
-          echo "AWS_PROFILE=" >> "$GITHUB_ENV"
-          echo "AWS_DEFAULT_PROFILE=" >> "$GITHUB_ENV"
-
       - name: Configure AWS credentials via OIDC
         if: ${{ !inputs.dry_run }}
         uses: aws-actions/configure-aws-credentials@v4
diff --git a/scripts/ci/emit_release_manifest.sh b/scripts/ci/emit_release_manifest.sh
index 7be15651..83f0789c 100755
--- a/scripts/ci/emit_release_manifest.sh
+++ b/scripts/ci/emit_release_manifest.sh
@@ -23,11 +23,21 @@ GIT_SHA="${GIT_SHA:?}"
 WORKFLOW_RUN_ID="${WORKFLOW_RUN_ID:?}"
 S3_BUCKET_PREFIX="${S3_BUCKET_PREFIX:?}"
 
+clean_aws_profiles() {
+  if [[ -z "${AWS_PROFILE//[[:space:]]/}" ]]; then
+    unset AWS_PROFILE
+  fi
+  if [[ -z "${AWS_DEFAULT_PROFILE//[[:space:]]/}" ]]; then
+    unset AWS_DEFAULT_PROFILE
+  fi
+}
+
 UPLOADED_AT="$(date -u +%Y-%m-%dT%H:%M:%S.000Z)"
 MANIFEST_FILE="release-manifest.json"
 PREV_MANIFEST_FILE="previous-manifest.json"
 
 # Idempotency: if a manifest already exists for this SHA, reuse it.
+clean_aws_profiles
 if aws s3 cp "${S3_BUCKET_PREFIX}/${GIT_SHA}.json" "${MANIFEST_FILE}" 2>/dev/null; then
   echo "Manifest already exists for SHA ${GIT_SHA}. Re-uploading (idempotent)."
   aws s3 cp "${MANIFEST_FILE}" "${S3_BUCKET_PREFIX}/${GIT_SHA}.json"