diff --git a/app/models/webhook.rb b/app/models/webhook.rb
index 64d93eb049..7134293aa2 100644
--- a/app/models/webhook.rb
+++ b/app/models/webhook.rb
@@ -38,7 +38,7 @@ class Webhook < ApplicationRecord
   validate :validate_template
 
   normalizes :events, with: ->(events) { events.filter_map { |event| event.strip.presence } }
-  before_validation :generate_secret
+  before_validation :generate_secret, unless: :secret?
 
   def rotate_secret!
     update!(secret: SecureRandom.hex(20))
@@ -99,6 +99,6 @@ class Webhook < ApplicationRecord
   end
 
   def generate_secret
-    self.secret = SecureRandom.hex(20) if secret.blank?
+    self.secret = SecureRandom.hex(20)
   end
 end
diff --git a/spec/models/webhook_spec.rb b/spec/models/webhook_spec.rb
index 957be5d269..9613d04844 100644
--- a/spec/models/webhook_spec.rb
+++ b/spec/models/webhook_spec.rb
@@ -35,6 +35,28 @@ RSpec.describe Webhook do
     end
   end
 
+  describe 'Callbacks' do
+    describe 'Generating a secret' do
+      context 'when secret exists already' do
+        subject { described_class.new(secret: 'secret') }
+
+        it 'does not override' do
+          expect { subject.valid? }
+            .to_not change(subject, :secret)
+        end
+      end
+
+      context 'when secret does not exist' do
+        subject { described_class.new(secret: nil) }
+
+        it 'does not override' do
+          expect { subject.valid? }
+            .to change(subject, :secret)
+        end
+      end
+    end
+  end
+
   describe '.permission_for_event' do
     subject { described_class.permission_for_event(event) }