diff --git a/lib/workers/repository/init/inherited.spec.ts b/lib/workers/repository/init/inherited.spec.ts
index 5808c82d5379d08899bb51b41004a93b57b8eeb9..c375edee9c15ba7fca3432a1fa1735f9ef59ff2d 100644
--- a/lib/workers/repository/init/inherited.spec.ts
+++ b/lib/workers/repository/init/inherited.spec.ts
@@ -25,6 +25,7 @@ describe('workers/repository/init/inherited', () => {
       inheritConfigFileName: 'config.json',
       inheritConfigStrict: false,
     };
+    hostRules.clear();
   });
 
   it('should return the same config if repository or inheritConfig is not defined', async () => {
@@ -112,6 +113,30 @@ describe('workers/repository/init/inherited', () => {
     expect(res.hostRules).toBeUndefined();
   });
 
+  it('should apply secrets to inherited config', async () => {
+    platform.getRawFile.mockResolvedValue(
+      `{
+        "hostRules": [
+          {
+            "matchHost": "some-host-url",
+            "token": "{{ secrets.SECRET_TOKEN }}"
+          }
+        ]
+      }`,
+    );
+    const res = await mergeInheritedConfig({
+      ...config,
+      secrets: { SECRET_TOKEN: 'some-secret-token' },
+    });
+    expect(hostRules.getAll()).toMatchObject([
+      {
+        matchHost: 'some-host-url',
+        token: 'some-secret-token',
+      },
+    ]);
+    expect(res.hostRules).toBeUndefined();
+  });
+
   it('should resolve presets found in inherited config', async () => {
     platform.getRawFile.mockResolvedValue(
       '{"onboarding":false,"labels":["test"],"extends":[":automergeAll"]}',
diff --git a/lib/workers/repository/init/inherited.ts b/lib/workers/repository/init/inherited.ts
index da497ca5aee671acfef8075f60296b18aa32014b..aa7266d70897e8519fb93a147b2ecf6a90098ab5 100644
--- a/lib/workers/repository/init/inherited.ts
+++ b/lib/workers/repository/init/inherited.ts
@@ -3,6 +3,7 @@ import { dequal } from 'dequal';
 import { mergeChildConfig, removeGlobalConfig } from '../../../config';
 import { parseFileConfig } from '../../../config/parse';
 import { resolveConfigPresets } from '../../../config/presets';
+import { applySecretsToConfig } from '../../../config/secrets';
 import type { RenovateConfig } from '../../../config/types';
 import { validateConfig } from '../../../config/validation';
 import {
@@ -105,6 +106,7 @@ export async function mergeInheritedConfig(
   }
 
   if (is.nullOrUndefined(filteredConfig.extends)) {
+    filteredConfig = applySecretsToConfig(filteredConfig, config.secrets ?? {});
     setInheritedHostRules(filteredConfig);
     return mergeChildConfig(config, filteredConfig);
   }
@@ -141,6 +143,7 @@ export async function mergeInheritedConfig(
     );
   }
 
+  filteredConfig = applySecretsToConfig(filteredConfig, config.secrets ?? {});
   setInheritedHostRules(filteredConfig);
   return mergeChildConfig(config, filteredConfig);
 }