diff --git a/src/endpoints/secrets.js b/src/endpoints/secrets.js
index 3014f3e69..4bf8687b4 100644
--- a/src/endpoints/secrets.js
+++ b/src/endpoints/secrets.js
@@ -213,12 +213,13 @@ router.post('/view', jsonParser, async (_, response) => {
 router.post('/find', jsonParser, (request, response) => {
 const allowKeysExposure = getConfigValue('allowKeysExposure', false);
- if (!allowKeysExposure) {
+ const key = request.body.key;
+
+ if (!allowKeysExposure && key.slice(key.length-4) !== '_url' ) {
 console.error('Cannot fetch secrets unless allowKeysExposure in config.yaml is set to true');
 return response.sendStatus(403);
 }
- const key = request.body.key;
 try {
 const secret = readSecret(key);
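Review bot: The new condition calls `key.slice(...)` on `request.body.key` before any type check and outside the `try`, so with `allowKeysExposure` false a request with a missing `key` now throws instead of returning the 403; add `if (typeof key !== 'string') return response.sendStatus(400);` ahead of it. The exemption is also decided by a suffix of the client-supplied name, so every present or future secret whose key ends in `_url` becomes readable with exposure disabled, and URL values can carry embedded credentials or tokens. An explicit set of exempt key names (for example `EXPOSABLE_KEYS.has(key)`, a placeholder name) would keep the gate fail-closed, and a comment on the condition should say why those keys are exempt, since the logged message no longer describes the rule. The handler body continues past the end of the hunk.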