diff --git a/other-cel/disallow-secrets-from-env-vars/.chainsaw-test/podcontrollers-bad.yaml b/other-cel/disallow-secrets-from-env-vars/.chainsaw-test/podcontrollers-bad.yaml
index b624674c3..ac31368ed 100644
--- a/other-cel/disallow-secrets-from-env-vars/.chainsaw-test/podcontrollers-bad.yaml
+++ b/other-cel/disallow-secrets-from-env-vars/.chainsaw-test/podcontrollers-bad.yaml
@@ -100,4 +100,4 @@ spec:
 name: foo
 - image: busybox:1.35
 name: busybox02
- restartPolicy: OnFailures
\ No newline at end of file
+ restartPolicy: OnFailure
\ No newline at end of file
diff --git a/other-cel/disallow-secrets-from-env-vars/.kyverno-test/kyverno-test.yaml b/other-cel/disallow-secrets-from-env-vars/.kyverno-test/kyverno-test.yaml
index c0211594a..c2a303dbe 100644
--- a/other-cel/disallow-secrets-from-env-vars/.kyverno-test/kyverno-test.yaml
+++ b/other-cel/disallow-secrets-from-env-vars/.kyverno-test/kyverno-test.yaml
@@ -11,23 +11,13 @@ results:
 policy: secrets-not-from-env-vars
 resources:
 - default/secret-env-pod
+ - default/secret-ref-pod
 result: fail
 rule: secrets-not-from-env-vars
 - kind: Pod
 policy: secrets-not-from-env-vars
 resources:
- - default/secret-ref-pod
+ - default/good-pod
 result: pass
 rule: secrets-not-from-env-vars
-- kind: Pod
- policy: secrets-not-from-env-vars
- resources:
- - default/secret-ref-pod
- result: fail
- rule: secrets-not-from-envfrom
-- kind: Pod
- policy: secrets-not-from-env-vars
- resources:
- - default/secret-env-pod
- result: pass
- rule: secrets-not-from-envfrom
+
\ No newline at end of file
diff --git a/other-cel/disallow-secrets-from-env-vars/.kyverno-test/resource.yaml b/other-cel/disallow-secrets-from-env-vars/.kyverno-test/resource.yaml
index 031d77c99..c13f1437a 100644
--- a/other-cel/disallow-secrets-from-env-vars/.kyverno-test/resource.yaml
+++ b/other-cel/disallow-secrets-from-env-vars/.kyverno-test/resource.yaml
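Review bot: The last added line of kyverno-test.yaml is whitespace-only and is immediately followed by `\ No newline at end of file`, so the new file ends with a dangling blank line and no terminating newline (yamllint `trailing-spaces` and `new-line-at-end-of-file`); delete that `+` line and end the file with a single newline. The same trailing whitespace-only `+` line closes the resource.yaml hunk and the last hunk of disallow-secrets-from-env-vars.yaml. Folding the two removed `secrets-not-from-envfrom` entries into the single `secrets-not-from-env-vars` rule is consistent with the policy now carrying one rule with two CEL expressions, and `secret-ref-pod` still fails through the `envFrom` expression.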
@@ -33,3 +33,25 @@ spec:
 - secretRef:
 name: mysecret
 restartPolicy: Never
+---
+apiVersion: v1
+kind: Pod
+metadata:
+ name: good-pod
+spec:
+ containers:
+ - name: test-container
+ image: registry.k8s.io/busybox
+ env:
+ - name: ENV_VAR_1
+ value: "value1"
+ - name: ENV_VAR_2
+ value: "value2"
+ volumeMounts:
+ - name: mysecret
+ mountPath: /mnt/mysecret
+ volumes:
+ - name: mysecret
+ secret:
+ secretName: mysecret
+
diff --git a/other-cel/disallow-secrets-from-env-vars/artifacthub-pkg.yml b/other-cel/disallow-secrets-from-env-vars/artifacthub-pkg.yml
index 2e3ea7a57..279a23b62 100644
--- a/other-cel/disallow-secrets-from-env-vars/artifacthub-pkg.yml
+++ b/other-cel/disallow-secrets-from-env-vars/artifacthub-pkg.yml
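Review bot: `good-pod` only exercises the `!has(env.valueFrom)` branch of the new CEL expression (its env entries use plain `value:`), so there is no passing fixture for an env entry that has `valueFrom` without `secretKeyRef` (e.g. `configMapKeyRef` or `fieldRef`); a regression that rejected every `valueFrom` would still pass this test set. Adding a Pod like the one below (names constructed) plus a matching `result: pass` entry for `default/configmap-env-pod` under rule `secrets-not-from-env-vars` in kyverno-test.yaml closes that gap. `good-pod` itself is a sound positive case: it consumes `mysecret` only through a volume, which is what the policy message recommends.
```yaml
---
apiVersion: v1
kind: Pod
metadata:
  name: configmap-env-pod
spec:
  containers:
    - name: test-container
      image: registry.k8s.io/busybox
      env:
        - name: ENV_VAR_1
          valueFrom:
            configMapKeyRef:
              name: myconfig
              key: key1
```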
@@ -1,23 +1,24 @@
-name: disallow-secrets-from-env-vars
+name: disallow-secrets-from-env-vars-cel
 version: 1.0.0
-displayName: Disallow Secrets from Env Vars
-createdAt: "2023-04-10T20:30:04.000Z"
+displayName: Disallow Secrets from Env Vars in CEL expressions
 description: >-
 Secrets used as environment variables containing sensitive information may, if not carefully controlled, be printed in log output which could be visible to unauthorized people and captured in forwarding applications. This policy disallows using Secrets as environment variables.
 install: |-
 ```shell
- kubectl apply -f https://raw.githubusercontent.com/kyverno/policies/main/other/disallow-secrets-from-env-vars/disallow-secrets-from-env-vars.yaml
+ kubectl apply -f https://raw.githubusercontent.com/kyverno/policies/main/other-cel/disallow-secrets-from-env-vars/disallow-secrets-from-env-vars.yaml
 ```
 keywords:
 - kyverno
 - Sample
 - EKS Best Practices
+ - CEL Expressions
 readme: |
 Secrets used as environment variables containing sensitive information may, if not carefully controlled, be printed in log output which could be visible to unauthorized people and captured in forwarding applications. This policy disallows using Secrets as environment variables. Refer to the documentation for more details on Kyverno annotations: https://artifacthub.io/docs/topics/annotations/kyverno/
 annotations:
- kyverno/category: "Sample, EKS Best Practices"
- kyverno/kubernetesVersion: "null"
+ kyverno/category: "Sample, EKS Best Practices in CEL"
+ kyverno/kubernetesVersion: "1.26-1.27"
 kyverno/subject: "Pod, Secret"
-digest: 79f059e745a1bd214bb91455e985bbb474f4b40590e871b6babaf60a9672b3c9
+digest: 7a8d2c6c16cc66744f7e274ed11d0065c1dc408644746c43effc25fb4261bb01
+createdAt: "2024-03-24T16:54:45Z"
diff --git a/other-cel/disallow-secrets-from-env-vars/disallow-secrets-from-env-vars.yaml b/other-cel/disallow-secrets-from-env-vars/disallow-secrets-from-env-vars.yaml
index afc2c6b95..e936f8c3e 100644
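Review bot: `description` and `readme` are left byte-identical to the non-CEL package, so on ArtifactHub the two listings differ only in `name` and `displayName`, and nothing in the text tells a reader that this variant depends on CEL validation support. Appending one sentence to both, such as `This is the CEL variant of the policy and targets the Kyverno release given in the kyverno.io/kyverno-version annotation (1.11.0).`, would make the listing self-explanatory; the version value comes from the policy file in this same commit. The remaining metadata (`kubernetesVersion: "1.26-1.27"`, the new `digest`, the re-added `createdAt`) is consistent with the policy annotations.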
--- a/other-cel/disallow-secrets-from-env-vars/disallow-secrets-from-env-vars.yaml
+++ b/other-cel/disallow-secrets-from-env-vars/disallow-secrets-from-env-vars.yaml
@@ -3,17 +3,18 @@ kind: ClusterPolicy
 metadata:
 name: secrets-not-from-env-vars
 annotations:
- policies.kyverno.io/title: Disallow Secrets from Env Vars
- policies.kyverno.io/category: Sample, EKS Best Practices
+ policies.kyverno.io/title: Disallow Secrets from Env Vars in CEL expressions
+ policies.kyverno.io/category: Sample, EKS Best Practices in CEL
 policies.kyverno.io/severity: medium
 policies.kyverno.io/subject: Pod, Secret
- kyverno.io/kyverno-version: 1.6.0
+ kyverno.io/kyverno-version: 1.11.0
+ kyverno.io/kubernetes-version: "1.26-1.27"
 policies.kyverno.io/description: >-
 Secrets used as environment variables containing sensitive information may, if not carefully controlled, be printed in log output which could be visible to unauthorized people and captured in forwarding applications. This policy disallows using Secrets as environment variables.
 spec:
- validationFailureAction: audit
+ validationFailureAction: Audit
 background: true
 rules:
 - name: secrets-not-from-env-vars
@@ -23,25 +24,10 @@ spec:
 kinds:
 - Pod
 validate:
- message: "Secrets must be mounted as volumes, not as environment variables."
- pattern:
- spec:
- containers:
- - name: "*"
- =(env):
- - =(valueFrom):
- X(secretKeyRef): "null"
- - name: secrets-not-from-envfrom
- match:
- any:
- - resources:
- kinds:
- - Pod
- validate:
- message: "Secrets must not come from envFrom statements."
- pattern:
- spec:
- containers:
- - name: "*"
- =(envFrom):
- - X(secretRef): "null"
\ No newline at end of file
+ cel:
+ expressions:
+ - expression: "object.spec.containers.all(container, !has(container.env) || container.env.all(env, !has(env.valueFrom) || !has(env.valueFrom.secretKeyRef)))"
+ message: "Secrets must be mounted as volumes, not as environment variables."
+ - expression: "object.spec.containers.all(container, !has(container.envFrom) || container.envFrom.all(envFrom, !has(envFrom.secretRef)))"
+ message: "Secrets must not come from envFrom statements."
+
\ No newline at end of file
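Review bot: Both new expressions walk only `object.spec.containers`, so a Secret injected through `env.valueFrom.secretKeyRef` or `envFrom.secretRef` on `spec.initContainers` or `spec.ephemeralContainers` is never checked even though those containers read the same values. The removed `pattern` had the same `spec.containers`-only scope, so this is carried over rather than introduced, but the CEL rewrite is the natural place to close it; the version below keeps both messages, adds the two other container lists guarded by `has()`, and uses folded `>-` scalars so the long CEL stays readable. If the wider scope is adopted, a bad initContainer or ephemeralContainer fixture in resource.yaml and the chainsaw tests should accompany it. The rule's `name:` and `match:` lines sit above this hunk, so the full rule is not visible here.
```yaml
      cel:
        expressions:
          - expression: >-
              object.spec.containers.all(container, !has(container.env) || container.env.all(env, !has(env.valueFrom) || !has(env.valueFrom.secretKeyRef))) &&
              (!has(object.spec.initContainers) || object.spec.initContainers.all(container, !has(container.env) || container.env.all(env, !has(env.valueFrom) || !has(env.valueFrom.secretKeyRef)))) &&
              (!has(object.spec.ephemeralContainers) || object.spec.ephemeralContainers.all(container, !has(container.env) || container.env.all(env, !has(env.valueFrom) || !has(env.valueFrom.secretKeyRef))))
            message: "Secrets must be mounted as volumes, not as environment variables."
          - expression: >-
              object.spec.containers.all(container, !has(container.envFrom) || container.envFrom.all(envFrom, !has(envFrom.secretRef))) &&
              (!has(object.spec.initContainers) || object.spec.initContainers.all(container, !has(container.envFrom) || container.envFrom.all(envFrom, !has(envFrom.secretRef)))) &&
              (!has(object.spec.ephemeralContainers) || object.spec.ephemeralContainers.all(container, !has(container.envFrom) || container.envFrom.all(envFrom, !has(envFrom.secretRef))))
            message: "Secrets must not come from envFrom statements."
```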