diff --git a/rubberduckvba.Server/WebhookSignatureValidationService.cs b/rubberduckvba.Server/WebhookSignatureValidationService.cs
index 86cbdaf..5047df9 100644
--- a/rubberduckvba.Server/WebhookSignatureValidationService.cs
+++ b/rubberduckvba.Server/WebhookSignatureValidationService.cs
@@ -5,7 +5,7 @@ namespace rubberduckvba.Server;
-public class WebhookSignatureValidationService(ConfigurationOptions configuration)
+public class WebhookSignatureValidationService(ConfigurationOptions configuration, ILogger logger)
 {
 public bool Validate(
 string payload,
@@ -64,8 +64,13 @@ private bool IsValidSignature(string? signature, string payload)
 }
 var secret = configuration.GitHubOptions.Value.WebhookToken;
- var secretBytes = Encoding.UTF8.GetBytes(secret);
+ if (string.IsNullOrWhiteSpace(secret))
+ {
+ logger.LogWarning("Webhook secret was not found; signature will not be validated.");
+ return false;
+ }
+ var secretBytes = Encoding.UTF8.GetBytes(secret);
 var payloadBytes = Encoding.UTF8.GetBytes(JsonConvert.SerializeObject(JsonConvert.DeserializeObject(payload)));
 using var digest = new HMACSHA256(secretBytes);
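Review bot: The primary constructor in the first hunk now takes the non-generic `ILogger`, which the default Microsoft.Extensions.Logging registration does not provide; only `ILogger<T>` and `ILoggerFactory` are registered, so resolving this service would likely fail unless the project registers `ILogger` itself somewhere outside this diff. Declaring the parameter as `ILogger<WebhookSignatureValidationService> logger` avoids that and gives the new warning a log category that identifies this service. The class body continues outside the hunk.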
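Review bot: The message logged by the new guard in IsValidSignature says the signature "will not be validated", but the branch returns false, so the webhook is rejected; an operator reading the log could take it to mean the request was accepted unchecked. Failing closed is the right behaviour here, so only the wording and level need to change, for example `logger.LogError("Webhook secret is not configured; rejecting webhook request.");`, since with a missing secret every delivery will be refused until the configuration is fixed. Separately, the unchanged `payloadBytes` line hashes a Json.NET round-trip of the payload rather than the raw request body; if the sender signs the raw bytes, any difference introduced by re-serialization would make valid signatures fail, so hashing the body as received is worth considering. IsValidSignature starts and ends outside the hunk, so the final comparison is not visible here.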