diff --git a/src/Symfony/Bundle/FrameworkBundle/Secrets/SodiumVault.php b/src/Symfony/Bundle/FrameworkBundle/Secrets/SodiumVault.php
index f747fed14d3fd..2a8e5dcc8b147 100644
--- a/src/Symfony/Bundle/FrameworkBundle/Secrets/SodiumVault.php
+++ b/src/Symfony/Bundle/FrameworkBundle/Secrets/SodiumVault.php
@@ -114,7 +114,7 @@ public function reveal(string $name): ?string
 
         $this->loadKeys();
 
-        if ('' === $this->decryptionKey) {
+        if ('' === $this->decryptionKey = (string) $this->decryptionKey) {
             $this->lastMessage = \sprintf('Secret "%s" cannot be revealed as no decryption key was found in "%s".', $name, $this->getPrettyPath(\dirname($this->pathPrefix).\DIRECTORY_SEPARATOR));
 
             return null;
@@ -181,8 +181,8 @@ public function loadEnvVars(): array
         }
 
         if ($this->derivedSecretEnvVar && !\array_key_exists($this->derivedSecretEnvVar, $envs)) {
-            $decryptionKey = $this->decryptionKey;
-            $envs[$this->derivedSecretEnvVar] = LazyString::fromCallable(static fn () => base64_encode(hash('sha256', $decryptionKey, true)));
+            $k = $this->decryptionKey;
+            $envs[$this->derivedSecretEnvVar] = LazyString::fromCallable(static fn () => '' !== ($k = (string) $k) ? base64_encode(hash('sha256', $k, true)) : '');
         }
 
         return $envs;
diff --git a/src/Symfony/Bundle/FrameworkBundle/Tests/Secrets/SodiumVaultTest.php b/src/Symfony/Bundle/FrameworkBundle/Tests/Secrets/SodiumVaultTest.php
index e31e8364f142d..f91f4bceda5f4 100644
--- a/src/Symfony/Bundle/FrameworkBundle/Tests/Secrets/SodiumVaultTest.php
+++ b/src/Symfony/Bundle/FrameworkBundle/Tests/Secrets/SodiumVaultTest.php
@@ -14,6 +14,7 @@
 use PHPUnit\Framework\TestCase;
 use Symfony\Bundle\FrameworkBundle\Secrets\SodiumVault;
 use Symfony\Component\Filesystem\Filesystem;
+use Symfony\Component\String\LazyString;
 
 /**
  * @requires extension sodium
@@ -84,4 +85,17 @@ public function testDerivedSecretEnvVar()
 
         $this->assertSame(['FOO', 'MY_SECRET'], array_keys($vault->loadEnvVars()));
     }
+
+    public function testEmptySecretEnvVar()
+    {
+        $vault = new SodiumVault($this->secretsDir, '', 'MY_SECRET');
+        $envVars = $vault->loadEnvVars();
+        $envVars['MY_SECRET'] = (string) $envVars['MY_SECRET'];
+        $this->assertSame(['MY_SECRET' => ''], $envVars);
+
+        $vault = new SodiumVault($this->secretsDir, LazyString::fromCallable(fn () => ''), 'MY_SECRET');
+        $envVars = $vault->loadEnvVars();
+        $envVars['MY_SECRET'] = (string) $envVars['MY_SECRET'];
+        $this->assertSame(['MY_SECRET' => ''], $envVars);
+    }
 }