diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 89ab538d..f2c8069f 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -3,9 +3,9 @@ name: CI
 env:
 WSLENV: "HELM_SECRETS_BACKEND:BATS_REPORT_FILENAME:BATS_TEST_NAME_PREFIX"
- VERSION_HELM: v3.11.1
+ VERSION_HELM: v3.12.3
 VERSION_SOPS: v3.7.3
- VERSION_VALS: v0.24.0
+ VERSION_VALS: v0.26.2
 on:
 pull_request:
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 41419b6c..2ac9d37a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,11 +7,13 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## [Unreleased]
+## [4.5.0] - 2023-08-14
+
 ### Added
 - Added `--decrypt-secrets-in-tmp-dir` to solve concurrency issues or if work disk is read-only
 ### Changes
-- BREAKING: helm-secrets requires vals 0.22 or higher
+- BREAKING: helm-secrets requires vals 0.26.2 or higher
 ### Fixed
 - Avoid quoting issues with literals and `vals` backend
diff --git a/scripts/commands/post-renderer.sh b/scripts/commands/post-renderer.sh
index 23b657d9..edfb7d20 100755
--- a/scripts/commands/post-renderer.sh
+++ b/scripts/commands/post-renderer.sh
@@ -4,8 +4,8 @@ set -euf
 post_renderer() {
 if [ "${EVALUATE_TEMPLATES_DECODE_SECRETS}" = "true" ]; then
- _vals ksdecode -f - | _vals_backend_decrypt_file "yaml" "-"
- else
- _vals_backend_decrypt_file "yaml" "-"
+ SECRET_BACKEND_ARGS="${SECRET_BACKEND_ARGS:-} -decode-kubernetes-secrets"
 fi
+
+ _vals_backend_decrypt_file "yaml" "-"
 }
diff --git a/scripts/lib/backends/vals.sh b/scripts/lib/backends/vals.sh
index dcec6b5c..c63dfa63 100644
--- a/scripts/lib/backends/vals.sh
+++ b/scripts/lib/backends/vals.sh
@@ -6,7 +6,7 @@ _VALS="${HELM_SECRETS_VALS_PATH:-vals}"
 _vals() {
 # shellcheck disable=SC2086
- set -- ${SECRET_BACKEND_ARGS} "$@"
+ set -- "$@" ${SECRET_BACKEND_ARGS}
 # In case of an error, give us stderr
 # https://github.com/variantdev/vals/issues/60
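Review bot: The new assignment in `post_renderer` appends `-decode-kubernetes-secrets` to the global `SECRET_BACKEND_ARGS`, and `_vals` expands that variable on every invocation, so the flag is not limited to decrypting the rendered manifest. If any other vals call runs later in the same process (none is visible in this hunk), it would receive the flag as well; saving the previous value and restoring it after `_vals_backend_decrypt_file "yaml" "-"` would keep the scope tight. The flag presumably depends on the vals release the changelog now requires, and no version check is visible here, so a comment such as `# needs vals >= 0.26.2 (see CHANGELOG)` above the assignment would help whoever debugs a failing post-render.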
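Review bot: With `set -- "$@" ${SECRET_BACKEND_ARGS}` the user-supplied backend arguments now come after the arguments helm-secrets itself passes, so a repeated flag in `SECRET_BACKEND_ARGS` may take precedence over the internal one, and anything that lands after a positional argument may not be parsed as a flag at all, depending on how vals reads its command line. The callers of `_vals` are outside this hunk, so it is worth confirming that each of them still behaves with trailing arguments. The unquoted expansion is deliberate (SC2086 is disabled), but the reason for the new order is not recorded; a comment such as `# backend args go last so they follow the vals subcommand; word splitting is intended` would document it. The body of `_vals` continues past the end of the hunk.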
diff --git a/tests/unit/template.bats b/tests/unit/template.bats
index fee85c0d..80e1bc0f 100755
--- a/tests/unit/template.bats
+++ b/tests/unit/template.bats
@@ -1869,8 +1869,8 @@ load '../bats/extensions/bats-file/load'
 assert_output --partial 'config: "42"'
 assert_output --partial 'config.env: "44"'
- assert_output --partial 'secret: "42"'
- assert_output --partial 'secret.env: "44"'
+ assert_output --partial 'secret: NDI='
+ assert_output --partial 'secret.env: NDQ='
 assert_success
 }
@@ -1887,8 +1887,8 @@ load '../bats/extensions/bats-file/load'
 assert_output --partial 'config: "42"'
 assert_output --partial 'config.env: "44"'
- assert_output --partial 'secret: "42"'
- assert_output --partial 'secret.env: "44"'
+ assert_output --partial 'secret: NDI='
+ assert_output --partial 'secret.env: NDQ='
 assert_success
 }
@@ -1905,8 +1905,8 @@ load '../bats/extensions/bats-file/load'
 assert_output --partial 'config: "42"'
 assert_output --partial 'config.env: "44"'
- assert_output --partial 'secret: "42"'
- assert_output --partial 'secret.env: "44"'
+ assert_output --partial 'secret: NDI='
+ assert_output --partial 'secret.env: NDQ='
 assert_success
 }
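Review bot: The updated assertions in all three hunks (`secret: NDI=`, `secret.env: NDQ=`) only check that the encoded value is present, not that the plaintext form is gone from the rendered Secret. Adding `refute_output --partial 'secret: "42"'` next to them would pin the new behaviour from both sides. A short comment such as `# NDI= / NDQ= are base64 of 42 / 44` would also spare readers decoding the literals. The test functions start before each hunk, so their setup is not visible here.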